Snapchat Employees Used Internal Tools to Spy on Users

A detailed Motherboard report highlights how Snapchat employees have been using internal tools to access user data and spy on them. The report is based on the account of two former Snap employees, a current employee, and internal company emails.

Several departments inside Snap have dedicated tools for accessing saved user snaps, their location history, phone numbers, email addresses, and more. The tools are primarily used by Snapchat to meet the demand of law enforcement agencies. However, these tools have been misused by Snapchat employees for spying on users.

One of the internal tools known as SnapLion is used for collecting user data in response to a court order or subpoena. Snapchat’s ‘Spam and Abuse’ team also has access to this tool for fighting spam and bullying on the platform. However, former and current employees revealed that Snapchat’s customer operations team and even the security staff also have access to the tool.

SnapLion provides “the keys to the kingdom,” one of the former employees who described the abuse of accessing user data said.

Internal emails have revealed that Snapchat employees use SnapLion to find the email address linked to an account without any law enforcement order being in play. On the plus side, emails also show the tool being used for investigations against child abuse.

One of the former employees said that data access abuse occurred “a few times” at Snap. That source and another former employee specified the abuse was carried out by multiple individuals. A Snapchat email obtained by Motherboard also shows employees broadly discussing the issue of insider threats and access to data, and how they need to be combatted.

In response to the report, a Snap spokesperson said that protecting the privacy of its users is paramount for the company.

Our Take

Ideally, Snapchat should limit the access of SnapLion to certain employees, but the tool has available across the company to all employees. The tool was also used for resetting passwords of hacked accounts and other administrative purposes.

Snapchat implemented end-to-end encryption at the beginning of this year.

The report highlights how user data is not safe in the hands of the company which created the product itself. If you are a heavy Snap user, make sure to read the full report. With end-to-end encryption in place, Snap users should feel a bit more secure about their data.

[Via Motherboard]