Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Facebook Privacy

Meta Employees, Security Guards Fired for Hijacking User Accounts (wsj.com) 31

Meta has fired or disciplined more than two dozen employees and contractors over the last year whom it accused of improperly taking over user accounts, in some cases allegedly for bribes, The Wall Street Journal reported Thursday, citing people familiar with the matter and documents. From the report: Some of those fired were contractors who worked as security guards stationed at Meta facilities and were given access to the Facebook parent's internal mechanism for employees to help users having trouble with their accounts, according to the documents and people familiar with the matter. The mechanism, known internally as "Oops," has existed since Facebook's early years as a means for employees to help users they know who have forgotten their passwords or emails, or had their accounts taken over by hackers.

As part of the alleged abuse of the system, Meta says that in some cases workers accepted thousands of dollars in bribes from outside hackers to access user accounts, the people and documents say. The disciplinary actions are part of a lengthy internal probe led by Meta executives, according to the documents and one of the people. "Individuals selling fraudulent services are always targeting online platforms, including ours, and adapting their tactics in response to the detection methods that are commonly used across the industry," said Meta spokesman Andy Stone. He added that the company "will keep taking appropriate action against those involved in these kinds of schemes."

This discussion has been archived. No new comments can be posted.

Meta Employees, Security Guards Fired for Hijacking User Accounts

Comments Filter:
  • merely "fired"? (Score:5, Insightful)

    by Geoffrey.landis ( 926948 ) on Thursday November 17, 2022 @11:25AM (#63058228) Homepage

    They were merely fired?

    Seems they should be arrested. Breaking into somebody's account is a crime under the Computer Fraud and Abuse Act.

    • At a minimum, name and shame, so my lawyers can reach out. The loss caused here is real $$.

      • Even if you're not directly affected, every granny with a retirement account based in the stock market should be suing, since FB carries such a big weight in the markets.

    • by larwe ( 858929 )
      Meta can only fire them and provide the details to law enforcement. Meta can't "citizens arrest" them.
      • by reanjr ( 588767 )

        In California, you can citizen's arrest someone who has committed a felony, even if you were not a direct witness.

        Also, I came across this quote: "In general, the ability to perform a citizen’s arrest is the same for a regular person as it is for a police officer without a warrant."

        Now, obviously, it's still up to the courts to charge the perpetrator, and habeas corpus still applies.

        • by larwe ( 858929 )
          I read that quote too. I read it back in about 1995, when I was still on Fidonet and this information was being circulated in text files. It was ambiguous enough to be essentially "wrong advice" then, and even more so now. Acting on this advice is a fast track to becoming Internet famous and a whole lot poorer and more incarcerated than you are today - even if you aren't part of a multibillion dollar company that's already in the spotlight. The actual text of the relevant legislation in every jurisdiction i
        • by Ksevio ( 865461 )

          I'd really prefer if Meta didn't start up its own police force and start arresting people it knows have committed felonies.

        • It's legally very dangerous to effect a citizen's arrest. Unlike a police officer, private citizens do not have qualified immunity. Any mistake with the myriad technicalities involved in the arrest can expose them to a lawsuit or even criminal prosecution.

          • True. But qualified immunity doesn't change the standards for the arrest, only the penalty for breaking those standards.

            • Thing is, if you're wrong about the individual having committed the crime (or can't prove you're right) then it's a false arrest. Which is a crime. At which point it's nice to have qualified immunity against unintentional breaches of law.

              You don't even have to be wrong about them actually committing the crime. If you don't have probable cause, which is a intricate and tricky legal standard, it's a false arrest. A policeman has immunity for that unless he knows up front that he's making a false arrest. You d

        • In California, you just shout "CITIZENS ARREST!", while the offender has to pull out the phone and Google whether that's actually a legal thing to be done. In this time, you'd hope the actual police put down their donuts long enough to arrive.

    • by Anonymous Coward

      ... contractors who worked as security guards stationed at Meta facilities and were given access to the Facebook internal mechanism for employees to help users having trouble with their accounts

      WTF? So, people can walk in off the street and ask a security to help with their Facebook account?

      Or is this just another Slashdot story where the description is completely wrong and doesn't make sense?

      • is this just another Slashdot story where the description is completely wrong and doesn't make sense?

        Well, that's right from the wall street journal article, so you decide.

      • No, any Facebook employee can walk up to security and ask for help with their corporate Facebook account. It just happens that the permission set extends to any Facebook account.

        When hired, every Facebook employee is warned that the accessing another's Facebook account through such means is recorded and closely monitored and that accessing an account without the owner's explicit permission is a first-time firing offense. The warning (and the fact you'll be fired for it) is repeated at the time of access too

    • They were merely fired?

      Seems they should be arrested. Breaking into somebody's account is a crime under the Computer Fraud and Abuse Act.

      It's META. Whatever happens in the MetaVerse stays in the MetaVerse, right?

  • by awwshit ( 6214476 ) on Thursday November 17, 2022 @11:32AM (#63058246)

    Since when does a security guard (let alone a contractor security guard) get access to the Admin portal? That is a corporate structure failure.

  • The mechanism, known internally as "Oops,"

    • Facebook refers to employee's use testing Facebook products as "Dogfooding". I've heard the expression "eating your own dog food" before, but at Meta it is the formal term for it. Yeah, they are trying to make it fun to work there, but it just comes off as corny.
  • But if I have a company that needs security guards in its buildings I don't want them distracted from their duties by having to help anyone with an network/service/whatever account problem.

  • I'm shocked, shocked to find that humans are the weakest link in a security system.

God made the integers; all else is the work of Man. -- Kronecker

Working...