Snap Employees Have Used Internal Snapchat Tools to Spy on Users

Some employees of Snap have access to internal tools that allow them to access Snapchat user data and have in the past abused those tools to spy on Snapchat users, reports Motherboard.

According to two former employees, a current employee, and internal company emails, Snap employees have access to internal tools that let them access location information, saved snaps, phone numbers, and email addresses from users.

One of the tools, SnapLion, was designed to gather information on users in response to valid law enforcement requests. Snap's Spam and Abuse team has access to Snap Lion, as does a Customer Ops team and security staff. One former employee told Motherboard that SnapLion offers "the keys to the kingdom."

The SnapLion tool has legitimate purposes and is used for such within the company, but the two former Snap employees confirmed that it's also been used for illegitimate reasons, though information about specific incidents was not made available.

One of the former employees said that data access abuse occurred "a few times" at Snap. That source and another former employee specified the abuse was carried out by multiple individuals. A Snapchat email obtained by Motherboard also shows employees broadly discussing the issue of insider threats and access to data, and how they need to be combatted.

Motherboard was unable to verify exactly how the data abuse occurred, or what specific system or process the employees leveraged to access Snapchat user data.

A Snap spokesperson said that privacy is "paramount" at Snap, and that little user data is kept. What data is stored is protected by "robust policies" to limit the number of employees who have access. "Unauthorized access of any kind is a clear violation of the company's standards of business conduct and, if detected, results in immediate termination," the spokesperson told Motherboard.

Snap monitors who accesses user data, but the former employees say that the logging procedures aren't perfect, and that years ago, SnapLion did not have robust data protection tools to track what employees were doing. It's not clear if employees are still abusing internal tools, but Motherboard's investigation suggests it did happen in the past.

Snap said it limits internal access to tools to only those who require it, but SnapLion is no longer a tool purely intended to help law enforcement. It is now used more generally across the company. A former employee who worked with SnapLion said the tool is used for resetting passwords of hacked accounts and "other user administration."

Much of what's shared on Snapchat is ephemeral, with content disappearing after a short period of time. Users should be aware, however, that certain data is collected and stored by Snapchat, such as phone number, location data, message metadata (who a person spoke to and when), and some Snap content, such as Memories.

A full accounting of Motherboard's Snap investigation can be read over on Vice.

Top Rated Comments

(View all)
Avatar
11 months ago
Yawn. Facebook did it first
Score: 22 Votes (Like | Disagree)
Avatar
11 months ago

Tell that to all the celebrities who had their private nude photos shared on Apple's unintended iCloud social network. At least with Snapchat, Facebook, etc. people knew going in that they're social networks so refrained from storing any incriminating private photos.

That was not a breach of Apple's security. The accounts were breached because the users used easy to crack passwords.
Score: 13 Votes (Like | Disagree)
Avatar
11 months ago
"privacy is "paramount" at Snap"

Why am I not surprised? Google, Facebook, Snap etc.. are alle the same regarding your privacy it seems.
Score: 13 Votes (Like | Disagree)
Avatar
11 months ago
This is why I have no social media accounts whatsoever, because I don’t trust the likes of Snapchat, Facebook, etc. I value my privacy, and at least I can say that Apple does as well, which is why they’re primarily the only company I trust with my information.
Score: 13 Votes (Like | Disagree)
Avatar
11 months ago
Every couple of days, news of major breaches in service agreements and privacy "theft" rolls out in a continuous stream of blunders.
Face it Ladies & Gents- this whole "privacy" charade is meant for fools.
There's no privacy using these gadgets (or software)
Score: 10 Votes (Like | Disagree)
Avatar
11 months ago

This is why I have no social media accounts whatsoever

I think that the MacRumors forums qualify as social media.
Score: 10 Votes (Like | Disagree)

Top Stories

Apple's 2020 MacBook Air vs. 2020 iPad Pro

Wednesday April 1, 2020 2:45 pm PDT by Juli Clover
Apple in March updated both the MacBook Air and the iPad Pro, and with the iPad Pro increasingly positioned as a computer replacement, we thought we'd compare both new machines to see how they measure up and which one might be a better buy depending on user needs. Subscribe to the MacRumors YouTube channel for more videos. We're comparing the base model 12.9-inch iPad Pro and the base model...

New Low-Cost 'iPhone SE' Could Launch as Soon as Tomorrow

Thursday April 2, 2020 4:06 pm PDT by Juli Clover
Apple's new low-cost iPhone is set to launch as early as Friday, April 3, according to a new report from 9to5Mac that cites a tip from a "highly trusted reader." The site says that while it can't be certain about the launch date, "Apple could reveal and begin taking orders for the new iPhone as soon as tomorrow." The iPhone 8 Apple is said to be planning to call the new iPhone, which is...

Zoom Accused of Misleading Users With 'End-to-End Encryption' Claims Amid Other Security Issues [Updated]

Wednesday April 1, 2020 2:47 am PDT by Tim Hardwick
Zoom is facing fresh scrutiny today following a report that the videoconferencing app's encryption claims are misleading. Zoom states on its website and in its security white paper that the app supports end-to-end encryption, a term that refers to a way of protecting user content so that the company has no access to it whatsoever. However, an investigation by The Intercept reveals that...

AirTags Referenced in New Apple Support Video

Thursday April 2, 2020 12:12 pm PDT by Joe Rossignol
Apple has accidentally referenced its widely rumored AirTags item tracking tags in a video that it uploaded to its Apple Support channel on YouTube today. The video was first spotted by the blog Appleosophy and has quickly been removed. The video was titled "How to erase your iPhone." AirTags were mentioned in Settings > Apple ID > Find My > Find My iPhone under Enable Offline Finding, with...

Intel Unveils 10th-Gen Processors Suitable for Next 16-Inch MacBook Pro With Wi-Fi 6 and Turbo Boost Speeds Above 5GHz

Thursday April 2, 2020 7:53 am PDT by Joe Rossignol
Intel today announced the launch of its latest 10th-generation Core processors for high-end notebooks, potentially including the next 16-inch MacBook Pro. The batch of 45W chips, part of the Comet Lake family, are built on Intel's 14nm++ architecture. The new H-series chips have the same base clock speeds as the 9th-generation chips in the current 16-inch MacBook Pro, but Turbo Boost speeds...

Apple Acquires Weather App Dark Sky

Tuesday March 31, 2020 10:22 am PDT by Juli Clover
Apple has acquired weather app Dark Sky, Dark Sky's developers announced today. Dark Sky is one of the most popular weather apps on the App Store, known for its accuracy and storm warnings. Our goal has always been to provide the world with the best weather information possible, to help as many people as we can stay dry and safe, and to do so in a way that respects your privacy. There is no ...

Apple Adding Some 2013 and 2014 MacBook Air and MacBook Pro Models to Vintage Products List at End of April

Wednesday April 1, 2020 2:24 pm PDT by Joe Rossignol
In an internal memo obtained by MacRumors, Apple has indicated that the following 2013 and 2014 models of the MacBook Air and MacBook Pro will be added to its vintage and obsolete products list on April 30:MacBook Air (11-inch, Mid 2013) MacBook Air (13-inch, Mid 2013) MacBook Air (11-inch, Early 2014) MacBook Air (13-inch, Early 2014) MacBook Pro (13-inch, Mid 2014)Apple defines vintage...

Apple Paid Hacker $75,000 for Uncovering Zero-Day Camera Exploits in Safari

Friday April 3, 2020 3:58 am PDT by Tim Hardwick
Apple paid out $75,000 to a hacker for identifying multiple zero-day vulnerabilities in its software, some of which could be used to hijack the camera on a MacBook or an iPhone, according to Forbes. A zero-day vulnerability refers to a security hole in software that is unknown to the software developer and the public, although it may already be known by attackers who are quietly exploiting...

iPhone 8 Screen Protector Updated With 'iPhone SE' Compatibility on Apple's Online Store

Thursday April 2, 2020 8:10 pm PDT by Joe Rossignol
Another clue has surfaced to suggest that Apple's rumored lower-cost iPhone SE successor will likely be released soon. Earlier today, a product listing for a Belkin screen protector on Apple's online store was updated to reflect compatibility with not only the iPhone 7 and iPhone 8, but also the iPhone SE. Given the original iPhone SE was a 4-inch device, and the iPhone 7 and iPhone 8 are...

2020 iPad Pro May Not Have a U1 Ultra Wideband Chip After All

Wednesday April 1, 2020 8:49 pm PDT by Joe Rossignol
While it was previously reported that all 2020 iPad Pro models feature the same Apple-designed U1 chip as the iPhone 11 lineup, enabling Ultra Wideband support, we have compiled evidence to suggest that this may not be the case. As a reminder, Apple's tech specs for the iPhone 11 and iPhone 11 Pro list an Ultra Wideband chip for spatial awareness, but the chip is not mentioned in Apple's...