Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed

Search

Snapchat Employees Abusing Consumer Data Tool

It has been reported that multiple employees within the company have abused their access to a tool that is used by Snapchat dubbed SnapLion. The tool’s main function is to access user’s data per request of law enforcement when they are conducting investigations. The access to the keys which allow viewing the information has expanded since the inception of the tool and teams within Snapchat such as spam and abuse teams, customer operations teams, and security teams are all able to access the information. Multiple employees have come forth with instances where they specifically saw the tools being abused by their coworkers, but they did not give details on the incidents. In some cases, these employees were able to view saved Snaps, videos, location information, phone numbers, and email addresses. Although in recent times, Snapchat has implemented logging tools to help identify what type of data employees are accessing while on their network, it is still easy for it to be covered up. A spokesperson for Snapchat stated, “we keep very little user data, and we have robust policies and controls to limit internal access to the data we do have. Unauthorized access of any kind is a clear violation of the company’s standards of business conduct and, if detected, results in immediate termination.” Snapchat is not the only social media giant to be under fire for similar issues as we have seen Facebook face backlash for poor data security.

Analyst Notes

Snapchat users should be more cautious as to what information and content they reveal within the app. Location services are suggested to be turned off and users should also be aware that their email and phone number can be accessed. Because of this, users should be on the lookout for spam campaigns and SMS scams as they liable to increase.