When it comes to security of any kind, there is one place where you’re most likely to find a vulnerability. I’m referring, of course, to the human element. Anytime you have a person standing between sensitive information and those with malicious intent, there is the possibility of error. The people at Snapchat learned this the hard way, over the weekend.
On Friday, someone from the company’s payroll department received a request for employee information from Evan Spiegel. And when the CEO of your company wants to review payroll information on some employees, you zip that information over to him ASAP. Of course, on the internet, not everyone is who they say they are.
That’s right, someone who wasn’t the CEO of the company requested payroll information on an unknown number Snapchat employees, and they got it. After sending the information, the person in payroll decided to double-check that the request came from Spiegel. He confirmed that it did not, which meant that the request came from outside of the company.
Snapchat sent out a letter to employees, letting them know what happened. The company is also offering two years of free identity-theft insurance and monitoring. They went on to say that they are redoubling their security training for employees, to ensure that something like this does not happen again in the future.
The good news for users is that none of their private information was exposed during the attack.
Source: Snapchat blog