Snapchat employees abused company data access tools to spy on users
According to a report on Thursday, a number of Snap employees abused privileged data management tools to snoop on Snapchat users, in some cases potentially gaining access to location and contact information, as well as saved Snaps.
Citing past and current employees, along with internal Snap email correspondence, Motherboard reports the social media firm at one point fielded a number of tools that granted access to sensitive user data and profile content.
Similar to systems in use by other tech companies, Snap's tools were designed to fulfill legitimate data requests relating to customer issues, internal policy enforcement and other industry-standard purposes. For example, a tool called "SnapLion" was initially used to grant access to user information in the event that Snap was served a subpoena from law enforcement officials or data was demanded by court order.
While Snap policy prohibits perusal of user profiles, multiple employees illegitimately leveraged data access tools to spy on users, sources said. The illicit activity noted in the article took place several years ago and sources claim abuse occurred "a few times" by multiple people.
The exact nature of the intrusion is unknown, as are the tools used to accomplish the feat.
One former employee points directly to SnapLion, saying the tool lacked an adequate system for logging, or monitoring, users when it first debuted. Snap has since bolstered the system's security backbone. Further, the company notes internal data access tools are restricted to select employees.
"Protecting privacy is paramount at Snap. We keep very little user data, and we have robust policies and controls to limit internal access to the data we do have," a spokesperson said in a statement to the publication. "Unauthorized access of any kind is a clear violation of the company's standards of business conduct and, if detected, results in immediate termination."
A former employee familiar with SnapLion said the tool's scope has expanded beyond law enforcement requests and is now employed to reset passwords of hacked accounts and complete other user administration tasks, the report said.
Whether the abuse continues today is unknown, but both current and former employees lauded Snap's efforts toward user privacy.