What you need to know
- A report claims Snapchat employees abused their privilege to access user data.
- This included saved snaps, phone numbers, and more.
- SnapLion was one of the internal tools used to do this.
It seems like not a day goes by without learning about a new privacy concern or data breach, and this time around Snapchat gets its spot in the limelight with a report that some of its employees abused internal tools to access users’ personal information.
According to former Snap Inc. employees, internal tools at Snapchat were used to access heaps of personal information in an abusive way. This includes phone numbers, email addresses, location information, and saved snaps. One of the tools used to access this info is reportedly called “SnapLion.”
The tool was originally used to gather information on users in response to valid law enforcement requests, such as a court order or subpoena, two former employees said…Snap’s “Spam and Abuse” team has access, according to one of the former employees, and a current employee suggested the tool is used to combat bullying or harassment on the platform by other users. An internal Snap email obtained by Motherboard says a department called “Customer Ops” has access to SnapLion. Security staff also have access, according to the current employee.
Commenting on SnapLion, one former employee described having access to it like having “the keys to the kingdom.”
While SnapLion is used legitimately, Motherboard’s report indicates that it was often used maliciously by employees.
One of the former employees said that data access abuse occurred “a few times” at Snap. That source and another former employee specified the abuse was carried out by multiple individuals. A Snapchat email obtained by Motherboard also shows employees broadly discussing the issue of insider threats and access to data, and how they need to be combatted.
Snapchat responded to this report, saying that protecting its users’ privacy is “paramount” and that detected violation of its business conduct “results in immediate termination.” Snapchat supposedly keeps a close eye on who’s using SnapLion and what’s being done with the tool, but one of the former employees noted that “a number of years ago SnapLion did not have a satisfactory level of logging to track what data employees accessed.”
Companies like Snapchat, Facebook, and Twitter regularly remind us how focused they are on protecting our data/information, and while tools might be in place to do just that, it’s clear that these things being used to protect us can also harm when in the wrong hands.