It doesn’t matter if you work at an old company that lacks tech savvy or one of the hottest tech startups around: No one is immune to phishing scams, as Snapchat proved this weekend.

On Sunday, the ephemeral messaging app revealed on its blog that the data of some of its employees, current and past, has been compromised. On Friday, a scammer impersonated the company’s CEO, Evan Spiegel, and sent a phishing email asking for payroll information to an employee in that department. Unfortunately, neither Snapchat’s security system, nor the employee realized it was a scam, and the data was “disclosed externally,” the company explains.

Snapchat says it took action within four hours, confirming it was an isolated phishing incident and reporting it to the FBI. It’s also offering two years of free identity-theft insurance and monitoring to employees affected by the leak, and is beefing up its security training for employees to help avoid such incidents in the future.

The good news is that user data and the company’s data servers are safe, Snapchat says, clearly still sensitive about the topic more than two years after a massive amount of data was leaked on Dec. 24, 2013. The company has also faced other security challenges over the year, including charges from U.S. regulators over its allegedly false claims that photos and videos aren’t stored anywhere once viewed. Snapchat settled the charges in May 2014.


Founded in 2011, Snapchat is currently valued at $16 billion and has more than 100 million daily active users.