Snap Employees Have Used Internal Snapchat Tools to Spy on Users

[MacRumors]

Some employees of Snap have access to internal tools that allow them to access Snapchat user data and have in the past abused those tools to spy on Snapchat users, reports Motherboard.

According to two former employees, a current employee, and internal company emails, Snap employees have access to internal tools that let them access location information, saved snaps, phone numbers, and email addresses from users.

One of the tools, SnapLion, was designed to gather information on users in response to valid law enforcement requests. Snap's Spam and Abuse team has access to Snap Lion, as does a Customer Ops team and security staff. One former employee told Motherboard that SnapLion offers "the keys to the kingdom."

The SnapLion tool has legitimate purposes and is used for such within the company, but the two former Snap employees confirmed that it's also been used for illegitimate reasons, though information about specific incidents was not made available.

One of the former employees said that data access abuse occurred "a few times" at Snap. That source and another former employee specified the abuse was carried out by multiple individuals. A Snapchat email obtained by Motherboard also shows employees broadly discussing the issue of insider threats and access to data, and how they need to be combatted.

Motherboard was unable to verify exactly how the data abuse occurred, or what specific system or process the employees leveraged to access Snapchat user data.

A Snap spokesperson said that privacy is "paramount" at Snap, and that little user data is kept. What data is stored is protected by "robust policies" to limit the number of employees who have access. "Unauthorized access of any kind is a clear violation of the company's standards of business conduct and, if detected, results in immediate termination," the spokesperson told Motherboard.

Snap monitors who accesses user data, but the former employees say that the logging procedures aren't perfect, and that years ago, SnapLion did not have robust data protection tools to track what employees were doing. It's not clear if employees are still abusing internal tools, but Motherboard's investigation suggests it did happen in the past.

Snap said it limits internal access to tools to only those who require it, but SnapLion is no longer a tool purely intended to help law enforcement. It is now used more generally across the company. A former employee who worked with SnapLion said the tool is used for resetting passwords of hacked accounts and "other user administration."

Much of what's shared on Snapchat is ephemeral, with content disappearing after a short period of time. Users should be aware, however, that certain data is collected and stored by Snapchat, such as phone number, location data, message metadata (who a person spoke to and when), and some Snap content, such as Memories.

A full accounting of Motherboard's Snap investigation can be read over on Vice.

Article Link: Snap Employees Have Used Internal Snapchat Tools to Spy on Users

 

[vicviper789]

Yawn. Facebook did it first

 

[lexvo]

"privacy is "paramount" at Snap"

Why am I not surprised? Google, Facebook, Snap etc.. are alle the same regarding your privacy it seems.

 

[TokMok3]

People don't care, vanity is more important.

 

[Vanilla35]

"privacy is "paramount" at Snap"

Why am I not surprised? Google, Facebook, Snap etc.. are alle the same regarding your privacy it seems.

Don't forget Amazon. Ring has been spying on people for a while, plus Amazon them self.

 

[44267547]

This is why I have no social media accounts whatsoever, because I don’t trust the likes of Snapchat, Facebook, etc. I value my privacy, and at least I can say that Apple does as well, which is why they’re primarily the only company I trust with my information.

 

[WinstonRumfoord]

You voluntarily enter personal, private information and photos to these FREE apps... And act surprised when it turns out your data is not quite so "private" any more?

*surprised pikachu goes here*

 

[reden]

This has a lot implications if true, like these people possibly spying on children which is really perverted.

 

[now i see it]

Every couple of days, news of major breaches in service agreements and privacy "theft" rolls out in a continuous stream of blunders.
Face it Ladies & Gents- this whole "privacy" charade is meant for fools.
There's no privacy using these gadgets (or software)

 

[Vanilla35]

Every couple of days, news of major breaches in service agreements and privacy "theft" rolls out in a continuous stream of blunders.
Face it Ladies & Gents- this whole "privacy" charade is meant for fools.
There's no privacy using these gadgets (or software)

Yep, apple's is as well. Every tech person knows that. They take "better" steps to secure it, but it's majority fluff

 

[44267547]

You voluntarily enter personal, private information and photos to these FREE apps...l

None of these ‘voluntary followers’ with social media accounts expect their privacy to be infiltrated without them knowing. It Has nothing to do with who decides to support what type of social media, it has everything to do with these Social media companies having ulterior motive’s.

 

[theapplehead]

It was only a matter of time until Snapchat fell in with the likes of FB and Insta. We all knew it would happen....Sigh......

 

[Kabeyun]

It seems that every day I am reminded how wise I am for steering 100% clear of social networking.
[doublepost=1558647038][/doublepost]

This is why I have no social media accounts whatsoever, because I don’t trust the likes of Snapchat, Facebook, etc. I value my privacy, and at least I can say that Apple does as well, which is why they’re primarily the only company I trust with my information.

Hear hear.

 

[Swaderz]

Every couple of days, news of major breaches in service agreements and privacy "theft" rolls out in a continuous stream of blunders.
Face it Ladies & Gents- this whole "privacy" charade is meant for fools.
There's no privacy using these gadgets (or software)

First rule of privacy on the internet is, there is no privacy on the internet.

 

[mariusignorello]

They don’t care. In fact the employees are probably laughing. And nobody is going to get fired.

 

[Doctor Q]

These accusations are rather vague. Some unnamed individuals, sometime in the past, apparently slipped by an internal tracking system and accessed unknown data from unknown persons in unknown ways. I'm not saying it's a false report, but a few more details would make it more of a smoking gun.

Perhaps it's even a good thing that "employees broadly discuss[ed] the issue of insider threats and access to data, and how they need to be combatted."

 

[mi7chy]

This is why I have no social media accounts whatsoever, because I don’t trust the likes of Snapchat, Facebook, etc. I value my privacy, and at least I can say that Apple does as well, which is why they’re primarily the only company I trust with my information.

Tell that to all the celebrities who had their private nude photos shared on Apple's unintended iCloud social network. At least with Snapchat, Facebook, etc. people knew going in that they're social networks so refrained from storing any incriminating private photos.

 

[Jamers99]

What's sad is I wouldn't mind having an Apple HomePod to play some tunes in the Family room but my wife and I both agree the idea of possibly being recorded is too unnerving so we aren't buying one. Stories like this and others mentioned here just confirm our decision.

Of course we still have iPad, iPhones, and Macs, all of which can also record us with a little help from Apple and the NSA.

 

[MengkeMary]

First rule of privacy on the internet is, there is no privacy on the internet.

That's what an ordinary person should expect and prepare for, but not an excuse for companies doing evil.

 

[Jimmy James]

Of course they did.

Yet another case of government related requests resulting in privacy breaches. Sure, Snap should have implemented differently, but still...

 

[Crowbot]

Tell that to all the celebrities who had their private nude photos shared on Apple's unintended iCloud social network. At least with Snapchat, Facebook, etc. people knew going in that they're social networks so refrained from storing any incriminating private photos.

That was not a breach of Apple's security. The accounts were breached because the users used easy to crack passwords.

 

[Williesleg]

Of course they do. So does Apple, Google, Facebook, etc.
They're all evil. Don't kid yourself. Data is the new oil.

 

[Plutonius]

This is why I have no social media accounts whatsoever

I think that the MacRumors forums qualify as social media.

 

[44267547]

I think that the MacRumors forums qualify as social media.

You thought incorrectly. I don’t share any personal information, family/friend photos or anything of the nature other than discussing _tech_ on this site. Everything I have on this site is remotely restricted/controlled, where social media, people can divulge into your personal life. So your quote inferring MacRumors is not mutually exclusive to a social media site on the aspect on how I interpret it.

 

[Jamers99]

Hey MacRumors, just curious, do you keep logs of IP Addresses of your User posts? Would you turn them over in a heartbeat if some gov't Agency waived some court paper at you. The answer to both I'm betting is Yes and Yes. Would you feel bad about it? Probably not.