Snapchat has landed in a soup, what with reports coming in of the manner, where its employees have misused some of their own internal tools to spy on user data. No wonder, this happens to be a gross violation of user’s privacy rights as well as the company’s own regulations in this regard.
As revealed by two ex-employees, a present employee as well as a few internal emails that got leaked, Snap does have in place a special tool named SnapLion which the company said provides them access to sensitive user info. The company also justified the existence of such a tool saying it helps them service requests from the government or law enforcement agencies to provide info on specific users.
Also, to prevent any misuse of the tool, Snap has in place regulations that restrict special internal divisions such as the Spam and Abuse division, the Customer Ops section or the security staff that have access to the tool. Unfortunately, it is a few employees from the above-mentioned team that misused the privileges bestowed upon them and access sensitive user info.
Among the data that the employees are known to have had accessed include user info such as their phone numbers and email addresses apart from location data as well as saved snaps. The popular social media company does collect these data along with a few other details such as message info as well as some Memories.
Snapchat also responded to the allegation saying the security and privacy of user info are of paramount importance to them. The company also said they store very little user info and whatever data is stored in their server is guarded by well laid out policies and regulation which the company makes it a point that the employees adhere to without any lapses as such.
The former employees also revealed Snap did have quality measures to prevent data leakage such as the one mentioned here. However, there weren’t enough means to monitor those who use the tool to gather user info, something that the company did work in lately. For instance, Snap has since employed end-to-end encryption on its services to ensure better user data protection.