The leaked data reportedly includes personal information like names, addresses, and employment history. The breach occurred in March this year, Reuters said, citing a letter from Snap to a former employee. Snap, a California-based company, is believed to have over 6000 employees on its payroll. It is unclear how many employees were affected by this incident.
No Snapchat Users Affected
Snap said the breach didn’t compromise its systems or expose any Snapchat users’ data. The company has notified the affected employees. Snap has not named the third-party vendor responsible for the leak. However, Reuters said the company’s letter to its employees indicates that the data was stolen from legal services provider Elevate. Elevate provides consulting and technology solutions to law departments and law firms. The company is yet to release an official statement about the data breach. Snap said it would not work with the vendor anymore. This breach may compound the issues that Snap is dealing with. The company has had a terrible run on the stock market over the past 12 months, falling by over 86 percent. In August, insiders revealed that the company plans to lay off about 20 percent of its workforce. This is not the first time Snap’s employees’ data have been leaked online. In February 2016, the payroll information of current and former Snap employees was stolen in a phishing attack. Hackers tricked a Snap human resource employee into handing over the data. In response to the breach, the company said it acted quickly to investigate the extent of the leak and report it to the Federal Bureau of Investigation (FBI). Snap also offered the affected employees a free two-year subscription to a dark web monitoring service.
The Threat of Social Engineering Scams
Criminals often sell the information stolen in cyberattacks on the dark web. This data can be used to orchestrate social engineering scams. Such attacks usually involve threat actors impersonating a trusted person or organization to trick victims into handing over sensitive information like their banking details or login credentials. There has been a significant rise in cyberattacks targeting organizations this year. Companies like Uber, Microsoft, Okta, Twilio, and MailChimp have all been affected. To learn more about typical schemes threat actors use to snare victims and how to protect yourself, check out our articles on social engineering, phishing, and identity theft.