Snapchat became a victim of a phishing attack over the weekend, leaking its employees' payroll information to a hacker pretending to be the company's CEO. The impersonator convinced an unnamed worker in the company's payroll department to externally disclose information on several current and former employees.
In an official company's blog post on Sunday, Snapchat acknowledged the breach, which took place last Friday, and assured its employees that the user information wasn't compromised nor its servers were breached. The company was able to contain the issue with a swift response within four hours of the attack.
"We're a company that takes privacy and security seriously. So it's with real remorse â€" and embarrassment â€" that one of our employees fell for a phishing scam and revealed some payroll information about our employees," Snapchat wrote on the company's blog.
"The good news is that our servers were not breached, and our users' data was totally unaffected by this. The bad news is that a number of our employees have now had their identity compromised. And for that, we're just impossibly sorry."
Snapchat did not reveal the kind of information that was leaked, however, it becomes crucial as the breach was related to the payroll data. It could possibly include information like salary, SSN, bank info, addresses, email and personal ID, and other confidential data that could create mayhem for the victims. There is no word on how many employees were affected in the attack.
Snapchat said the issue was reported to the FBI and that its employees are offered two years of free identity theft insurance and monitoring. To prevent further such attacks in the future, Snapchat said it will "redouble" its scrupulous training programmes for its employees in the coming weeks.
Snapchat was previously attacked in 2014, when hundreds and thousands of users' photos were leaked through unofficial third party apps.
Cyber crime has become an alarming threat to users on the Internet. In 2015, several attacks on web and mobile led to millions of affected users around the world. FREAK attack, Stagefright bug, Ashley Madison hack and attack on Yahoo are some of the high-profile breaches last year.