Snapchat employees have reportedly leveraged internal systems to improperly access customer data and spy on users.
According to a new report from Motherboard, Snapchat has internal tools dedicated to accessing consumer data and these same tools have been subject to abuse by employees.
“Several departments inside social media giant Snap have dedicated tools for accessing user data, and multiple employees have abused their privileged access to spy on Snapchat users,” reads the report.
Apparently, an internal tool –— which was only supposed to be used in response to valid law enforcement requests — was used by staff to access users’ saved photos and videos, and personal information such as phone numbers and email addresses.
The internal tool, called SnapLion, was originally designed to help law enforcement investigations but has since become more widely used inside the company for purposes such as resetting passwords on hacked accounts. One former worker described it as “the keys to the kingdom” to Snapchat’s spam and abuse teams, security division, and operations teams.
“The tool was originally used to gather information on users in response to valid law enforcement requests, such as a court order or subpoena, two former employees said…Snap’s ‘Spam and Abuse’ team has access, according to one of the former employees, and a current employee suggested the tool is used to combat bullying or harassment on the platform by other users,” explains the report. “An internal Snap email obtained by Motherboard says a department called ‘Customer Ops’ has access to SnapLion. Security staff also have access, according to the current employee.”
Snap, the parent company of the photo and video app, didn’t immediately respond to a request for comment, but told Motherboard that protecting user privacy is “paramount.”
“We keep very little user data, and we have robust policies and controls to limit internal access to the data we do have,” said a Snap spokesperson in a statement. “Unauthorized access of any kind is a clear violation of the company’s standards of business conduct and, if detected, results in immediate termination.”
