Existing online today means giving over a wealth of data. The hope is that the companies safeguarding it are doing so securely, but thousands of people work for these companies, and all it takes is a few bad actors with the right access to peep at some of your most intimate personal details. And, according to two former Snap employees who spoke with Motherboard, that’s exactly what happened at Snapchat.
According to these former Snap workers, several years ago, “multiple” employees at the company had improperly accessed user data, meaning they had abused their privileges to spy on users outside of the delineated legitimate reasons they would need to access such data.
Employees at the company do have internal tools that do grant them access to personal information like location data, saved photos and videos on the app, phone numbers, and email addresses, according to Motherboard, and a former employee reportedly said that abuse of this data happened at least “a few times.” One of the tools described in the report is called SnapLion, which was reportedly designed to let the company access user data for law enforcement purposes.
It was accessible by the company’s Spam and Abuse team, Customer Ops team, and security staff, Motherboard reports. A former employee characterised it as “the keys to the kingdom,” Motherboard reported, and internal emails obtained by the publication revealed that an employee used the tool to look up someone’s email address.
We have reached out to Snap to comment on the claim that multiple employees have abused their data access to spy on users, as well as to comment on what measures the company has in place to ensure this doesn’t happen again. We’ll update when we hear back.
If you didn’t know that the gatekeepers of your precious data sometimes have the means to access it, then you are in for quite a humbling realisation. And abuse of this power by some employee with a weak moral compass is bound to happen. Indeed, it has happened. A lot.
It happened at the National Security Agency, in which several employees used surveillance tools to spy on past and current flames. And it happened at a police department in Florida, where a cop targeted at least 150 women for dates by searching an internal database.
This is hardly an exhaustive account of all the times employees have misused legitimate internal surveillance tools for personal gain, and it probably won’t be the last.