Sunday, 1 March 2015

FACEBOOK EMPLOYEE CAN ACCESS ANYONE'S ACCOUNT WITHOUT PASSWORD

Our Facebook timeline and private stuff can be accessed by Facebook engineers anytime, any day without even having your password or asking permission from you. Facebook says that this is being done for greater good,oh really?
Paavo Siljamäki, director of record label, Anjunabeats, dropped in to the Facebook office for for enquiring about how to use Facebook optimally for his record label promotion. He however witnessed a pretty shocking scene when the person behind the desk at the Facebook office logged into his Facebook account without even entering password, though he was politely asked for permission to access it.
Siljamäki thought this a bit odd and made a Facebook post about it, here is what he had to say,
Your Facebook account including private data can be viewed by a Facebook employee

The most important thing about Facebook employee accessing Siljamäki’s profile was that, the user did not get even a token email that his profile page was being accessed. Secondly, the number of Facebook employees having such a ‘master key’or authority to access  Facebook users pages is also unknown.
Facebook issued a official statement about this fact :
“We have rigorous administrative, physical, and technical controls in place to restrict employee access to user data. Our controls have been evaluated by independent third parties and confirmed multiple times by the Irish Data Protection Commissioner’s Office as part of their audit of our practices.”
“Access is tiered and limited by job function, and designated employees may only access the amount of information that’s necessary to carry out their job responsibilities, such as responding to bug reports or account support inquiries. Two separate systems are in place to detect suspicious patterns of behavior, and these systems produce reports once per week which are reviewed by two independent security teams.”
“We have a zero tolerance approach to abuse, and improper behavior results in termination.”

In this press released, Facebook didnt explain as how many ‘elite’ employees are there who had such kind of access but made one thing clear that they had zero tolerance for abuse of such powers.
Facebook said that the customer service tool which is used to access any Facebook user account is heavily monitored and controlled with perfect check and balance, it requires consent from the user (in Siljamäki’s case verbal approval was taken) and can only be used in specific cases by a select group of employees.
Facebook statement says that if any employee will misuse such power will be immediately fired but that will come at a later stage when the abuse had already happened.
What will happen to the Facebook users whose Facebook accounts are abused in any which way with a malafide intent by any employee or group of employees? this question remains unanswered.

No comments:

Post a Comment