The ostensible selling point of Snapchat is its vanishing data: everything goes away on a schedule worthy of mayflies. And apparently, “everything” means everything:
Snapchat is famous for its disappearing messages, but unfortunately not everything in this world is ephemeral when you need it to be. The LA-based company disclosed today that a number of its current and former employees had their identities compromised by a cyber attack this month.
“Last Friday, Snapchat’s payroll department was targeted by an isolated email phishing scam in which a scammer impersonated our Chief Executive Officer and asked for employee payroll information,” Snapchat explained in a blog post. “Unfortunately, the phishing email wasn’t recognized for what it was — a scam — and payroll information about some current and former employees was disclosed externally.”
It gets worse. Said @SwiftOnSecurity:
There’s a chance the direct deposit bank info for employees was compromised as well. Good idea to DD into a dedicated account you empty.
We worry about brute-force attacks on our security, and then we just go handing information over to people. And we wonder why this sort of thing happens so often.