Snap Employees ‘Abused Internal Tools To Spy On Users’

Snap, maker of the Snapchat messaging service, has internal tools that allow staff in multiple departments to access users’ personal data, including location information, saved messages, telephone numbers and emails, according to a report.

Snap has protections in place to combat the abuse of the tools by employees, but some individuals have nevertheless used them in the past to spy on users, some staff told industry website Motherboard this week.

The existence of data access tools is standard in the tech industry, where companies are obliged to be able to hand over certain types of data to law enforcement if the need should arise, with other legitimate uses including enforcing company policies.

Nevertheless, the existence of Snap’s tools, one of which is called SnapLion, may come as a surprise to some users, many of whom use Snapchat due to the perceived ephemerality of messaging on the platform.

Disappearing messages

Unless saved, Snap messages typically disappear after a recipient reads them.

The potential for data-gathering tools to be abused by insiders is a current concern at Snap as elsewhere, and the company has measures in place to prevent it from happening.

For instance, the company has improved its logging processes over time to ensure that tools such as SnapLion monitor what data is accessed by which employees, unnamed staff said in the report.

Nevertheless, several individuals have abused the tools in the past, with incidents occurring several years ago, staff said.  It wasn’t clear whether abuse had occurred more recently.

Snap said privacy is “paramount” at the company.

“Any perception that employees might be spying on our community is highly troubling, and wholly inaccurate,” the firm said in a statement.


“We keep very little user data, and we have robust policies and controls to limit internal access to the data we do have, including data within tools designed to support law enforcement.

“Unauthorised access of any kind is a clear violation of the company’s standards of business conduct and, if detected, results in immediate termination.”

Companies including Facebook and Uber have introduced stricter privacy controls after staff were found to be misusing internal tools to spy on customers.

In 2014 Snap settled FTC charges that it “deceived” users over the disappearing nature of its messages, since “snaps” can be saved.

Regulators also reprimanded Snap for failing to disclose that it collects user data including location information.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Malicious Online Ad Campaign Steals User Logins

'Magnat' malicious advertising campaign uncovered by Cisco Talos has been stealing login credentials and other…

21 hours ago

Waymo, Nuro Launch Robo-Delivery Services In California

Cruise starts robo-delivery service in Mountain View as Waymo plans limited trial of grocery-delivery service…

22 hours ago

NSO Spyware ‘Used To Hack US Diplomats’

Apple alerts employees of US State Department of hacking by NSO Group's controversial Pegasus spyware…

22 hours ago

Starlink Plans Services In India As SpaceX Breaks Launch Record

Starlink to apply for commercial licence to provide satellite broadband services in India, as parent…

23 hours ago

Musk Tesla Share Sale Surpasses $10bn

Elon Musk's Tesla share sell-off surpasses $10 billion as it reaches into fourth consecutive week,…

23 hours ago

Uber To Pay $9m Settlement Over Safety Reporting Failure

Uber agrees to pay $9 million to settle dispute with California regulators over its failure…

24 hours ago