And suddenly it was gone

The ostensible selling point of Snapchat is its vanishing data: everything goes away on a schedule worthy of mayflies. And apparently, “everything” means everything:

Snapchat is famous for its disappearing messages, but unfortunately not everything in this world is ephemeral when you need it to be. The LA-based company disclosed today that a number of its current and former employees had their identities compromised by a cyber attack this month.

“Last Friday, Snapchat’s payroll department was targeted by an isolated email phishing scam in which a scammer impersonated our Chief Executive Officer and asked for employee payroll information,” Snapchat explained in a blog post. “Unfortunately, the phishing email wasn’t recognized for what it was — a scam — and payroll information about some current and former employees was disclosed externally.”

It gets worse. Said @SwiftOnSecurity:

There’s a chance the direct deposit bank info for employees was compromised as well. Good idea to DD into a dedicated account you empty.

We worry about brute-force attacks on our security, and then we just go handing information over to people. And we wonder why this sort of thing happens so often.

Tweet





3 comments

  1. fillyjonk »

    29 February 2016 · 9:12 pm

    And most people HAVE to have pay direct deposited. I never thought about the two-accounts angle; not even sure my credit union would permit that.

    Modern crime makes life inestimably more complicated for the honest; we have to think like criminals and build walls of fail-safes in order to avoid being taken advantage of.

    Until the punishments for cyber crime are made more toothy, it’s just going to keep getting worse because the payoff is big and usually the crooks are in Russia or somewhere beyond the reach of America’s John Law.

  2. McGehee »

    29 February 2016 · 9:27 pm

    TO: Director, U.S. Bureau of Printing and Engraving
    FROM: Janet Yellen, Chairman, Federal Reserve

    Would you be so kind as to direct the next couple of billion dollars to this personal savings account so I can audit the output? Thanks!

  3. CGHill »

    29 February 2016 · 10:09 pm

    It’s possible to set up direct deposit to some debit cards; it ought to be possible to move this stuff back and forth, allowing for the usual ACH dawdling.

RSS feed for comments on this post