Multiple employees have said to be allegedly abusing their access to private user data, Motherboard reveals.

According to two former employees, Snapchat has dedicated tools that can access consumer data, and it is these tools that are being abused by employees. Employees could view user location information, saved Snaps, phone numbers, and email addresses.

SnapLion is one of the internal tools that could be used to spy on users. It was originally utilised to gather information on users when law enforcement requested it, however, access to the tool has expanded across multiple departments. Allegedly a department named “Customer Ops” and security staff had access to SnapLion.

Motherboard reported that it remains unknown if the access to user data was abused, however they pointed out that the alleged ‘spying’ took place years ago.

Mayank Choudhary, senior vice president at ObserveIT commented:

“The incident highlights the risks posed by insider threats. Most of the employees are busy doing their day-to-day jobs but a handful has malicious intent thus causing harm to the organizations they work.”

Snapchat has stated that the allegations are inaccurate. A Snapchat spokesperson wrote in an email:

“Any perception that employees might be spying on our community is highly troubling and wholly inaccurate.

“Protecting privacy is paramount at Snap. We keep very little user data, and we have robust policies and controls to limit internal access to the data we do have, including data within tools designed to support law enforcement.

“Unauthorized access of any kind is a clear violation of the company’s standards of business conduct and, if detected, results in immediate termination.”

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.


GDPR Summit Series is a global series of GDPR events which will help marketers to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. Further information and conference details are available at http://www.gdprsummit.london/


comments powered by Disqus