Security Privacy Technology

Snapchat Employees Abused Data Access To Spy on Users (vice.com) 28

Several departments inside social media giant Snap have dedicated tools for accessing user data, and multiple employees have abused their privileged access to spy on Snapchat users, Motherboard reported on Thursday. From the report: Two former employees said multiple Snap employees abused their access to Snapchat user data several years ago. Those sources, as well as an additional two former employees, a current employee, and a cache of internal company emails obtained by Motherboard, described internal tools that allowed Snap employees at the time to access user data, including in some cases location information, their own saved Snaps and personal information such as phone numbers and email addresses. Snaps are photos or videos that, if not saved, typically disappear after being received (or after 24 hours if posted to a user's Story). [...] Although Snap has introduced strict access controls to user data and takes abuse and user privacy very seriously according to several sources, the news highlights something that many users may forget: behind the products we use every day there are people with access to highly sensitive customer data, who need it to perform essential work on the service. But, without proper protections in place, those same people may abuse it to spy on users' private information or profiles.
  • Wow... (Score:4, Funny)

    by Lab Rat Jason ( 2495638 ) on Thursday May 23, 2019 @02:56PM (#58643736)

    I'm shocked... SHOCKED... that this would happen.

  • Hm... (Score:5, Insightful)

    by argStyopa ( 232550 ) on Thursday May 23, 2019 @03:05PM (#58643776) Journal

    ...yeah, "we promise we won't keep those often-intimate snaps at all" cross our heart!

    And now people are surprised that wasn't true?

    The next time you laugh sadly because Grandma was 'taken in' by some shyster pretending to be a Nigerian prince, well, you might want to think of how many snapchats you might regret out there.

    • you might want to think of how many snapchats you might regret out there.

      The number for me is zero, simply because I have never used it.

      I also suspect that, given its typical use, the number is zero for many people posting on /.

    • That number is exactly zero, simply because I do not take pictures of things that I might regret and if I did, the last place I would do so is in Snapchat. Neither will I ever send photos, video or anything else to anybody if there is any chance of it being incriminating in some shape or form, not even to myself. I simply keep shit like that to myself. If there is a video or a picture of me out there, there is nothing in it, that I'm capable of standing behind 100%. It's a pretty simple rule to live by actu
  • by Anonymous Coward

    behind the products we use everyday there are people with access to highly sensitive customer data, who need it to perform essential work on the service

    See, their need to access highly sensitive customer data is trumped by the fact that I assume all forms of social media and apps are run by greedy assholes and morons, and I have no intention of sharing highly sensitive data with them in the first place.

    If you're not my bank, and you're not my health provider (and therefore covered by applicable laws) ... t

  • Well, of course (Score:4, Insightful)

    by hduff ( 570443 ) <hoytduff@[ ]il.com ['gma' in gap]> on Thursday May 23, 2019 @03:22PM (#58643882) Homepage Journal

    No amount of "we won't ever look at your data" will keep it from curious eyes.

    • A simple amount of e2e cryptography will. But the users are the product, not the customers so privacy will never be a feature.

  • by marcle ( 1575627 ) on Thursday May 23, 2019 @03:27PM (#58643910)

    As an IT guy, you've got to have administrative access to the systems you're working on in order to do your job. If you're a professional, you don't abuse that access. If you've got more than one IT guy doing it, you've definitely got a management problem. But there ain't no way you're gonna wall off the data from the techies.

    • by Solandri ( 704621 ) on Thursday May 23, 2019 @03:55PM (#58644088)
      It's easy to wall off data from the techies. The "data" isn't the bits. It's the information those bits represent. So you just implement client-side encryption. The data still gets stored on your servers, but it's encrypted by the client before it ever gets to you. Your techies can access it, but it'll be gibberish ciphertext to them. Only the user (using a client with the correct decryption key) will be able to see the plaintext version. Communications between two people (like SnapChat) just need to be encrypted using public/private key pairs.

      The main reasons cloud service companies don't do this is (1) they don't want to deal with tech support calls from users who have forgotten their password or whose clients have lost their encryption key, and (2) so they can spy on their users by reading their data and sell the information to marketers.
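The scheme described in the comment above, as an added example that is not part of the original comment and not Snap's code: two clients exchange messages the server can store but not read. The algorithm choices (X25519, HKDF-SHA256, AES-256-GCM), the `e2e-demo-v1` label and all function names are assumptions made for this sketch.

```javascript
// Added example: end-to-end encryption between two clients (Node.js built-in crypto only).
const crypto = require('node:crypto');

// Each client generates its own X25519 key pair; only the public half leaves the device.
function newClientKeys() {
  return crypto.generateKeyPairSync('x25519');
}

// Derive a 256-bit message key from my private key and the peer's public key.
// 'e2e-demo-v1' is a made-up context label for this example.
function sharedKey(myPrivate, peerPublic) {
  const secret = crypto.diffieHellman({ privateKey: myPrivate, publicKey: peerPublic });
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'e2e-demo-v1', 32));
}

// Runs on the sender's device. The returned record is all the server ever stores.
function encryptForPeer(myPrivate, peerPublic, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce per message
  const cipher = crypto.createCipheriv('aes-256-gcm', sharedKey(myPrivate, peerPublic), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Runs on the recipient's device; throws if the record was modified or the key is wrong.
function decryptFromPeer(myPrivate, peerPublic, record) {
  const d = crypto.createDecipheriv('aes-256-gcm', sharedKey(myPrivate, peerPublic), record.iv);
  d.setAuthTag(record.tag);
  return Buffer.concat([d.update(record.ct), d.final()]).toString('utf8');
}

// An employee with full database access but no client private key.
function staffCanRead(record, staffKeys, peerPublic) {
  try { decryptFromPeer(staffKeys.privateKey, peerPublic, record); return true; }
  catch { return false; }
}

// Constructed sample run: Alice sends to Bob, staff reads the stored record.
function demo() {
  const alice = newClientKeys(), bob = newClientKeys(), staff = newClientKeys();
  const stored = encryptForPeer(alice.privateKey, bob.publicKey, 'constructed sample message');
  return {
    bobReads: decryptFromPeer(bob.privateKey, alice.publicKey, stored),
    staffReads: staffCanRead(stored, staff, alice.publicKey),
    plaintextOnServer: stored.ct.includes('constructed sample message'),
  };
}
```

The guarantee depends on each client verifying the other's public key out of band: a server that distributes the keys could otherwise hand out one of its own.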
    • by ceoyoyo ( 59147 )

      There's no reason at all why anybody but the two endpoints need to have access to the data.

  • by nehumanuscrede ( 624750 ) on Thursday May 23, 2019 @03:33PM (#58643956)

    This is also why I don't do Cloud unless my data is encrypted ( my encryption, not theirs ) before transmission to said Cloud.

    It's human nature to be nosy. If you put ANY data out there, SOMEONE is going to go through it regardless if you want them to or not.

  • Well it sure is a good thing that nobody ever sends anything "sensitive" in nature over Snapchat... Damn.... Never mind....

  • Seriously, if your company/agency is keeping private data on people, you can just about guarantee that it's gonna be abused by the employees. It's happened at the IRS, it's happened with multiple police, it's happened at FBI, NSA, and virtually every social media place. People look up their friends and enemies. The question is, WTF can we do about it?

    • For agencies like those you mention it's a question about restricting access to a small number of people and restricting the scope of their access. Sure, you will always have that police chief or higher-ups that will misuse their credentials, but I think that's the best we can do. Encrypt everything and log every access to anything of importance. If someone looks up an address in the system, log that search. If someone pulls up files from a backup, log that shit. There will still be people who can't keep their
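One way to implement the "log every access" idea from the comment above, as an added example that is not part of the original comment: each lookup is appended to a hash-chained log, so editing or deleting an entry afterwards is detectable. The hash chain goes beyond what the comment proposes, and the field names, staff IDs, ticket IDs and sample entries are all constructed for this sketch.

```javascript
// Added example: tamper-evident log of staff lookups (all names hypothetical).
const crypto = require('node:crypto');

const GENESIS = '0'.repeat(64);

// An entry's hash covers its content and the previous entry's hash.
function entryHash(prev, e) {
  return crypto.createHash('sha256')
    .update(JSON.stringify([prev, e.ts, e.staff, e.action, e.subject, e.ticket]))
    .digest('hex');
}

// Called by the internal tool before it returns any user data.
function logAccess(log, e) {
  const prev = log.length ? log[log.length - 1].hash : GENESIS;
  log.push({ ...e, prev, hash: entryHash(prev, e) });
  return log;
}

// Index of the first altered entry or broken link, or -1 if the chain is intact.
function firstBrokenLink(log) {
  let prev = GENESIS;
  for (let i = 0; i < log.length; i++) {
    if (log[i].prev !== prev || log[i].hash !== entryHash(prev, log[i])) return i;
    prev = log[i].hash;
  }
  return -1;
}

// Review rule: lookups made with no support ticket attached.
function unjustified(log) {
  return log.filter((e) => !e.ticket).map((e) => `${e.staff}:${e.subject}`);
}

// Constructed sample entries mirroring the comment: address lookups and a backup pull.
function buildSampleLog() {
  const log = [];
  logAccess(log, { ts: '2019-05-23T15:00:00Z', staff: 'emp-17', action: 'address_lookup',
                   subject: 'user-881', ticket: 'T-1001' });
  logAccess(log, { ts: '2019-05-23T15:04:00Z', staff: 'emp-42', action: 'address_lookup',
                   subject: 'user-305', ticket: null });
  logAccess(log, { ts: '2019-05-23T15:09:00Z', staff: 'emp-17', action: 'backup_restore',
                   subject: 'user-881', ticket: 'T-1002' });
  return log;
}
```

Removing entries from the end of the log leaves a valid shorter chain, so the latest hash has to be copied somewhere the logged staff cannot write.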
  • One of my first 'real' jobs was as an e-commerce programmer. One day I was doing some testing and looked in the database to make sure the data read through. I was shocked to find whoever set up the site had left all customer data in plain data fields, open to see/download by anyone who had access. If I was evil, I could have dumped tens of thousands of rows of customer addresses, credit cards, etc. and done who knows what with it (we were running SQL Server 2000, which meant it could have been real real easy
