Boing Boing Staging

Snap employees used the company's internal 'SnapLion' tool to access Snapchat user data

Some employees of the company that runs Snapchat used internal tools to access user data several years ago, before Snap restricted access.

“Several departments inside social media giant Snap have dedicated tools for accessing user data, and multiple employees have abused their privileged access to spy on Snapchat users,” Motherboard reports.

The notion that a technology company would *not* have tools with which to access user data is silly, because that’s what social media companies do. Manage user data. But there are concerns about how the tools at Snap were accessed and used, and for what purpose.

Reporter Joseph Cox spoke to Snap employees who said yes, there was abuse.

From Joseph Cox at Motherboard

Two former employees said multiple Snap employees abused their access to Snapchat user data several years ago. Those sources, as well as an additional two former employees, a current employee, and a cache of internal company emails obtained by Motherboard, described internal tools that allowed Snap employees at the time to access user data, including in some cases location information, their own saved Snaps and personal information such as phone numbers and email addresses. Snaps are photos or videos that, if not saved, typically disappear after being received (or after 24 hours if posted to a user’s Story).

Motherboard granted multiple sources in this story anonymity to speak candidly about internal Snap processes.

Although Snap has introduced strict access controls to user data and takes abuse and user privacy very seriously according to several sources, the news highlights something that many users may forget: behind the products we use everyday there are people with access to highly sensitive customer data, who need it to perform essential work on the service. But, without proper protections in place, those same people may abuse it to spy on users’ private information or profiles.

One of the internal tools that can access user data is called SnapLion, according to multiple sources and the emails. The tool was originally used to gather information on users in response to valid law enforcement requests, such as a court order or subpoena, two former employees said. Both of the sources said SnapLion is a play on words with the common acronym for law enforcement officer LEO, with one of them adding it is a reference to the cartoon character Leo the Lion. Snap’s “Spam and Abuse” team has access, according to one of the former employees, and a current employee suggested the tool is used to combat bullying or harassment on the platform by other users. An internal Snap email obtained by Motherboard says a department called “Customer Ops” has access to SnapLion. Security staff also have access, according to the current employee. The existence of this tool has not been previously reported.

SnapLion provides “the keys to the kingdom,” one of the former employees who described the abuse of accessing user data said.

More from Twitter below.

Exit mobile version