After an investigation, it was found that Meta, the company who owns Facebook, had to let go of more than 20 employees and contractors due to them taking over user accounts illegally. Some were even accused of being bribed, as stated in The Wall Street Journal.
The individuals who were let go worked for a company that had a contract with Meta to deliver security services. Their responsibility was to work as security guards at Meta facilities, which gave them access to an internal Facebook mechanism meant to assist employees with resolving user account issues.
Mechanisms that grant special powers
Facebook has been using a security measure called “Oops” (short for Online Operations) since its early years. This mechanism allows Facebook employees to help users who have forgotten their password, or whose account may have been hacked.
The sources and documents, however, showed that the violations were committed by some employees of the company who accepted thousands of dollars in bribes from external hackers to gain access to user accounts. A source said that the disciplinary measures were part of a long internal investigation supervised by Meta executives.
Andy Stone, a spokesperson for Meta, said: “Fraudsters always target online platforms, including our service platforms. They are constantly trying to adapt their methods to keep up with the hacking methods commonly used on those platforms. We confirm that the company will take all necessary measures against anyone involved in these activities.”
A spokeswoman for Allied Universal – Meta’s security contractor – said: “We take all reports of [certain employees] violating our standards of conduct very seriously.”
Absence of customer service
Meta’s failure to provide adequate customer service, despite having 3 billion users, is indicative of the large and complex problems that the company faces. Although Meta has said it is determined to build a better customer service department in the coming years, these disciplinary measures highlight just how difficult that task will be.
Automated methods to reactivate his account or tries to reach a person from the “Meta” company via phone or e-mail is often unsuccessful, according to many users. As for the last solution that some people resort to, it is contacting an employee or contractor of Meta Company and request registration through their Oops channel.
Oops is supposed to be restricted to specific groups like employees’ friends and family, business partners, or public figures. However, with the recent growth of Meta’s workforce, the frequency of Oops usage has grown as well. In fact, from 2017 to 2020, the number of times people used Oops jumped from 22 thousand to 50,270.
A way to defraud and ask for money
According to the documents seen by the American newspaper, if an employee or contractor wishes to submit a request to the Oops channel, they must provide their email address and answer several questions. These questions include inquiring about the identity of the account owner and whether or not he is part of CEO Mark Zuckerberg’s team, a celebrity, family member or shareholder. The request is then forwarded onto the meta community support team for further review.
Because so many people use social media for work and to handle crucial parts of their lives, some thieves have begun seizing accounts and blackmailing the owners for money. This fraud has ruined businesses and livelihoods—even a stolen Facebook or Instagram account can be sold for tens of thousands of dollars in other online forums.
Some brokers are using this tool to charge users who want to regain control of their accounts.
The Wall Street Journal’s sources have claimed that some of these brokers can contact Meta employees and, consequently, reactivate accounts for a price.
Brooke Millard, a model based in Orange County, California with over 650 thousand Instagram followers said she paid nearly $7000 to get her account back from a Meta breach.
On the other hand, Andy Stone, a spokesman for Meta, said that Facebook’s terms of service are violated when accounts are bought and sold as well as when money is paid for account recovery services.
Furthermore, Meta also looked into some former employees’ possible involvement in user account data seizure, as this was an allegation against the company. These investigations were only done with people who had contact with current employees.
A former security contractor, Kendall Melbourne, revealed that he was paid to reactivate user accounts that had been fraudulently seized. He provided a detailed list of the accounts he tried to reactivate, as well as how much money he earned from doing so.
According to sources and documents seen by the newspaper, an employee of Allied Universal was fired last February after an internal investigation revealed she had assisted hackers in reactivating user accounts – for which they paid her thousands of dollars worth of digital cryptocurrency Bitcoin.
Recently, Allied took action against its employees’ use of Meta’s internal systems by issuing an internal warning message. The message, seen by The Wall Street Journal, included warnings and instructions from the company not to use Meta’s Oops system.