Snapchat employees reportedly abused company data to spy on users

24 May 2019

Snapchat app. Image: TPOphoto/Depositphotos

Report says Snap Inc employees leveraged internal systems to improperly access customer data and spy on users.

A number of Snapchat employees abused internal company systems to look up highly sensitive personal data and spy on users, according to a Motherboard report released on Thursday (23 May).

The investigation unearthed multiple sources and a cache of company emails describing tools that allowed Snap employees to view location information, phone numbers, email addresses and more.

One tool in particular that can be used to internally access data is dubbed ‘SnapLion’. The system was originally designed to gather user information in response to law enforcement requests such as a court order or a subpoena.

According to sources within the company, various teams within Snap Inc, such as the ‘Spam and Abuse’ and ‘Customer Ops’ teams, can use this system. SnapLion is reportedly used both for the purpose of the aforementioned law enforcement compliance and for combating bullying and harassment on the platform.

Systems such as these are common across the tech industry and have legitimate purposes. They are vital to helping companies enforce network terms and policies, and comply with the law. Yet former employees alleged that the systems had also been accessed for illegitimate reasons to spy on unwitting users.

The investigation was unable to verify exactly how the data abuse occurred or what systems were used to access the data. Former employees said they didn’t feel the logging system to track who accessed data and when was sufficient enough to ensure data was only accessed appropriately.

Speaking to Siliconrepublic.com, a Snap spokesperson said that it has “robust systems in place to limit internal access to data”.

“Any perception that employees might be spying on our community is highly troubling and wholly inaccurate. Protecting privacy is paramount at Snap,” the spokesperson continued. “Unauthorised access of any kind is a clear violation of the company’s standards of business conduct and, if detected, results in immediate termination.”

Snap is one of many major tech firms that have been implicated in recent years in abuses of customer data perpetrated by company staff. Motherboard reported last year that Facebook fired an employee who allegedly abused data access to stalk women online. In April, Bloomberg reported that Amazon’s Alexa teams can access customers’ home addresses. Uber employees were also found to have regularly accessed the company’s so-called ‘God view’ to spy on the movements of high-profile politicians and celebrities.

Snapchat app. Image: TPOphoto/Depositphotos

Updated, 1.02pm, 24 May 2019: This article was updated to clarify that the Motherboard report on Facebook was published last year, not this month.

Eva Short was a journalist at Silicon Republic

editorial@siliconrepublic.com