25 May 2019

Snapchat privacy breach (Newsflash: others do it too!)


Just because messages and videos on Snapchat sent in Chat disappear after being read doesn't mean that this content is safely hidden from prying eyes. According to Motherboard (via SlashGear), this data does end up on Snapchat's servers, even if for a brief period of time. And apparently, some employees of Snap (Snapchat's publicly traded parent company) used a special tool to access this content.

Using a tool called SnapLion, created to help law enforcement access information from Snapchat accounts (with a court order or subpoena), some Snap employees were able to access customer data. Snaps that had not yet been deleted, location data, email addresses, and phone numbers were allegedly viewed illegally by people working for the company. These allegations were made by former Snap employees.

Not every person working for the firm uses the SnapLion tool illegally. It is employed by Snapchat's security team and those inside the company who are looking out for members who create abusive posts that bully, harass or spam other members. Snapchat monitors those who use the tool, but apparently, this is not a perfect system according to a former employee. Another person who used to work for Snap said that having access to SnapLion was like owning "the keys to the kingdom."

A Snap employee wouldn't admit that the SnapLion tool was abused by employees, but did say that the company had a "good system in place" to prevent such things from occurring "most likely earlier than any startup in existence."

Snap did issue a statement in which it claims to hold on to only a small amount of user data. The company added that its "robust policies and controls" limit who can see it and anyone employee who views the information without proper authorization is immediately fired.
"Protecting privacy is paramount at Snap. We keep very little user data, and we have robust policies and controls to limit internal access to the data we do have. Unauthorized access of any kind is a clear violation of the company's standards of business conduct and, if detected, results in immediate termination."-Snap spokesman

This past January, Snapchat added end-to-end encryption three years after Amnesty International had Snapchat ranked as one of the least protected messaging apps in terms of member privacy.

Source: phonearena.com

No comments: