Snapchat is a popular social media app with more than 160 million users worldwide. According to a detailed report by Motherboard and Vice on an account of several emails, they end up getting along with insights from a current Snap employee and two ex-employees suggest a rather unpleasant turn that access to the data stored on Snapchat could take if ended in the wrong hands.
First thing first, Snapchat is an ephemeral app where photos and videos stored to other Snap users are destroyed after 24 hours without any doubt. Although Snapchat doesn’t store much of the information but the message metadata, location information, name, phone number, email address related to the accounts in order to comply with law enforcement if needed. However, it has been found out that Snap employees have access to all those data and it has been ‘illegitimately’ used several times.
To put things into context, Snap employees have many robust systems in place to monitor each aspect of this ephemeral app. One such tool is called SnapLion which has been regarded as the “key to the kingdom” as it allows access to the user data to those in the backend. Usually, the tool is used to comply with law enforcement such as when a legal complaint is filed against a user or if the law enforcement is looking for specific data on the platform.
However, the tool although primarily used for legitimate purposes, have been used illegitimately in the past by some of the employees. Currently, employees in the Spam and Abuse team, Customer Ops, and security staff have access to the data but it doesn’t mean everyone is actually practicing against safeguarding it.
Motherboard got a hold of an email from Snap where employees were discussing the use of SnapLion that allows employees to access user data illegitimately and how to combat it. Furthermore, a different email revealed how SnapLion can allow employees to look up the email address related to an account in a not-so-low enforcement context.
When asked if there are systems logging employees accessing the user data, it was found out that although Snap has a bunch of robust systems to both protect user data and log access, it wasn’t in action a few years ago and that’s where the instances of accessing those data were considerably high.
Snap has some serious and strict policies on user data and takes the first row when it comes to user privacy and abuse complaints. This is why it stores much less data including phone number, message metadata which dictates who and when the messages were sent, as well as email address and location-based information and illegitimately accessing those user data could end up employees getting terminated immediately if detected. Snapchat has made it clear that it only allows access to these tools to those who require it and not for others. An ex-employee further added that SnapLion has been made general across the company and how it is now used to reset passwords of hacked accounts on others.