Snapchat employee data made vulnerable in phishing scam

A payroll department employee e-mailed sensitive personal information about 700 current and former workers to someone pretending to be Chief Executive Evan Spiegel.

The impostor received employees’ W-2 tax form data, including name, Social Security number, wages, stock-option gains and benefits. Fifteen minutes after replying, the employee realized the original request, which appeared as if it had been sent from Spiegel’s email address, wasn’t legitimate. The employee then sent a follow-up email to Spiegel, who did not recognize the original note.

The FBI is investigating the incident. Current employees were quickly notified and an email to former employees was sent Sunday night. Everyone affected is being offered free credit monitoring and identity theft insurance.

User data was not compromised and the company’s servers were not breached.

Cybersecurity is a key issue for Snapchat’s brand. More than 100 million people use the entertainment app each day, sometimes to send self-destructing photos and videos with sensitive content.

The company has had problems before. A vulnerability exploited by hackers in 2013 led to names and phone numbers of millions of users being compromised. Since then, the company has touted several measures to upgrade security.