Snapchat employees spied on users by exploiting company data tools
Employees of social media giant Snap Inc. have been abusing internal company data tools to access data of its users and spy on them, reports Motherboard.
For those unaware, Snap Inc. is an American technology and camera company, based in Santa Monica, California that has four products: Snapchat, Spectacles, Bitmoji, and Zenly.
According to two former employees, a current employee, and a hoard of internal company emails obtained by Motherboard had access to internal tools that allowed Snap employees access to sensitive information such as location, saved snaps, phone numbers, and email addresses from users.
Snap’s Spam and Abuse team, a Customer Ops team and security staffers have access to SnapLion tool, which is used to collect information on users in handling law-enforcement requests. One former employee told Motherboard that SnapLion offers “the keys to the kingdom.”
Although SnapLion tool is used within the company for legitimate purposes, one of the ex-Snap employees said that data access abuse occurred “a few times” at Snap. However, in its report, Motherboard said it was unable to verify exactly how the data was misused.
“One of the former employees said that data access abuse occurred “a few times” at Snap. That source and another former employee specified the abuse was carried out by multiple individuals. A Snapchat email obtained by Motherboard also shows employees broadly discussing the issue of insider threats and access to data, and how they need to be combatted.”
Speaking on the matter, the company said in a statement that “Protecting privacy is paramount at Snap. We keep very little user data, and we have robust policies and controls to limit internal access to the data we do have. Unauthorized access of any kind is a clear violation of the company’s standards of business conduct and, if detected, results in immediate termination.”
Other than internal emails of the company, there is no other confirmation regarding the existence of the tool. Also, it is also unknown whether the tool is still used today to abuse users’ information.