Sources said multiple employees abused their access to private user data
A bombshell Motherboard report reveals that employees across several departments at Snapchat can view user location information, saved Snaps, phone numbers and email address through a tool known as SnapLion. It’s not clear exactly how widespread abuse of the tool is; a former Snapchat employee quoted in the report said that data access abuse happened a “few times” at the organization.
In response to the report, Snap gave the following rebuttal: “Any perception that employees might be spying on our community is highly troubling, and wholly inaccurate. Protecting privacy is paramount at Snap. We keep very little user data, and we have robust policies and controls to limit internal access to the data we do have, including data within tools designed to support law enforcement. Unauthorized access of any kind is a clear violation of the company’s standards of business conduct and, if detected, results in immediate termination.”
In total, Motherboard spoke to four former employees and a current employee that verified the existence of the SnapLion tool. Two former employees said that the abuse of the SnapLion tool occurred “several years” ago, but it’s unknown whether it’s still happening today. Emails obtained by Motherboard revealed an employee using the tool to look-up a user email address in a non-law enforcement related context. Snapchat did not immediately respond to a request from Engadget for comment.
What stands out in the case of Snapchat is how easily employees across multiple departments were able to use the SnapLion tool for unrelated, internal purposes, such as handling spam and abuse on the platform. But such an internal tool isn’t unique to Snapchat, neither is abuse of private data by employees. Facebook fired a security engineer last year for using personal data to stalk women. Uber’s use of a “God View” tool that revealed rider’s location prompted an investigation by the New York State Attorney General. Both companies responded by promising stricter privacy controls; in the case of Facebook, the employee in question was fired.