Meta Platforms Inc. has fired over two dozen personnel and contractors within the past year for hijacking user accounts on Facebook and Instagram. Reportedly, some of them hijacked the accounts for bribes.
The Wall Street Journal reported that the fired individuals included contract security guards who worked for Meta and could access an internal tool that let employees help users they knew regain access to their accounts after they forgot their passwords or emails or had the accounts hacked.
This mechanism was called Oops (Online Operations). It has been a part of the Facebook infrastructure for years. This system couldn’t be accessed by most of the platform’s users.
This led to the rise of a “cottage industry of intermediaries.” These people charged users thousands of dollars to reach out to insiders to reset their accounts. The Journal reported that this system is estimated to have processed at least 50,270 reports in 2020, far more than the 22,000 in 2017.
How Did the Hijacking Occur?
After people got their accounts locked, they tried automated methods to reset them or reached out to Meta’s representatives via phone or email, which wasn’t much help. As a last resort, these users contacted Meta employees and contractors to get the issue resolved via the Oops channel.
In one incident, according to WSJ’s report, an ex-security contractor assisted unidentified third parties in taking over Instagram accounts fraudulently, and the user was tricked into filling in Oops reports to reset the impacted account. In another instance, a former contractor, fired after an internal probe, reset multiple users’ accounts for hackers in exchange for Bitcoin payments.
Meta Launched Internal Probe
Meta was forced to take disciplinary action against the hijackers. But this is going to be a lengthy probe. Meta executives will lead the investigation.
The company’s spokesperson, Andy Stone, stated that online platforms like Meta are frequently targeted by people who sell fraudulent services. These individuals are continuously adapting their techniques to respond to the detection methods used across the industry. Stone added that Meta would take appropriate action against the wrongdoers.