New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Snap Employees Have Used Internal Snapchat Tools to Spy on Users

Thursday May 23, 2019 1:28 pm PDT by Juli Clover
Some employees of Snap have access to internal tools that allow them to access Snapchat user data and have in the past abused those tools to spy on Snapchat users, reports Motherboard.

According to two former employees, a current employee, and internal company emails, Snap employees have access to internal tools that let them access location information, saved snaps, phone numbers, and email addresses from users.

One of the tools, SnapLion, was designed to gather information on users in response to valid law enforcement requests. Snap's Spam and Abuse team has access to Snap Lion, as does a Customer Ops team and security staff. One former employee told Motherboard that SnapLion offers "the keys to the kingdom."

The SnapLion tool has legitimate purposes and is used for such within the company, but the two former Snap employees confirmed that it's also been used for illegitimate reasons, though information about specific incidents was not made available.
One of the former employees said that data access abuse occurred "a few times" at Snap. That source and another former employee specified the abuse was carried out by multiple individuals. A Snapchat email obtained by Motherboard also shows employees broadly discussing the issue of insider threats and access to data, and how they need to be combatted.

Motherboard was unable to verify exactly how the data abuse occurred, or what specific system or process the employees leveraged to access Snapchat user data.
A Snap spokesperson said that privacy is "paramount" at Snap, and that little user data is kept. What data is stored is protected by "robust policies" to limit the number of employees who have access. "Unauthorized access of any kind is a clear violation of the company's standards of business conduct and, if detected, results in immediate termination," the spokesperson told Motherboard.

Snap monitors who accesses user data, but the former employees say that the logging procedures aren't perfect, and that years ago, SnapLion did not have robust data protection tools to track what employees were doing. It's not clear if employees are still abusing internal tools, but Motherboard's investigation suggests it did happen in the past.
Snap said it limits internal access to tools to only those who require it, but SnapLion is no longer a tool purely intended to help law enforcement. It is now used more generally across the company. A former employee who worked with SnapLion said the tool is used for resetting passwords of hacked accounts and "other user administration."
Much of what's shared on Snapchat is ephemeral, with content disappearing after a short period of time. Users should be aware, however, that certain data is collected and stored by Snapchat, such as phone number, location data, message metadata (who a person spoke to and when), and some Snap content, such as Memories.

A full accounting of Motherboard's Snap investigation can be read over on Vice.

[ 72 comments ]


Top Rated Comments

(View all)

Avatar
vicviper789
13 weeks ago
Yawn. Facebook did it first
Rating: 22 Votes
Avatar
Relentless Power
13 weeks ago
This is why I have no social media accounts whatsoever, because I don’t trust the likes of Snapchat, Facebook, etc. I value my privacy, and at least I can say that Apple does as well, which is why they’re primarily the only company I trust with my information.
Rating: 13 Votes
Avatar
lexvo
13 weeks ago
"privacy is "paramount" at Snap"

Why am I not surprised? Google, Facebook, Snap etc.. are alle the same regarding your privacy it seems.
Rating: 13 Votes
Avatar
Crowbot
13 weeks ago

Tell that to all the celebrities who had their private nude photos shared on Apple's unintended iCloud social network. At least with Snapchat, Facebook, etc. people knew going in that they're social networks so refrained from storing any incriminating private photos.


That was not a breach of Apple's security. The accounts were breached because the users used easy to crack passwords.
Rating: 13 Votes
Avatar
Plutonius
13 weeks ago

This is why I have no social media accounts whatsoever


I think that the MacRumors forums qualify as social media.
Rating: 10 Votes
Avatar
now i see it
13 weeks ago
Every couple of days, news of major breaches in service agreements and privacy "theft" rolls out in a continuous stream of blunders.
Face it Ladies & Gents- this whole "privacy" charade is meant for fools.
There's no privacy using these gadgets (or software)
Rating: 10 Votes
Avatar
WinstonRumfoord
13 weeks ago
You voluntarily enter personal, private information and photos to these FREE apps... And act surprised when it turns out your data is not quite so "private" any more?

*surprised pikachu goes here*
Rating: 8 Votes
Avatar
TokMok3
13 weeks ago
People don't care, vanity is more important.
Rating: 8 Votes
Avatar
MengkeMary
13 weeks ago

First rule of privacy on the internet is, there is no privacy on the internet.

That's what an ordinary person should expect and prepare for, but not an excuse for companies doing evil.
Rating: 8 Votes
Avatar
Vanilla35
13 weeks ago

"privacy is "paramount" at Snap"

Why am I not surprised? Google, Facebook, Snap etc.. are alle the same regarding your privacy it seems.


Don't forget Amazon. Ring has been spying on people for a while, plus Amazon them self.
Rating: 7 Votes

[ Read All Comments ]