some-meta-employees-and-security-guards-hacked-user-accounts

Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

Some Meta Employees and Security Guards Hacked User Accounts

Meta Platforms Inc. has fired over two dozen personnel and contractors within the past year for hijacking user accounts on Facebook and Instagram. Reportedly, some of them hijacked the accounts for bribes.

What Happened?

The Wall Street Journal reported that the fired individuals included on-contract security guards who worked for Meta and could access an internal tool that let employees allow users they knew to access their accounts when they forgot passwords/emails or hacked them.

This mechanism was called Oops (Online Operations). It has been a part of the Facebook infrastructure for years. This system couldn’t be accessed by most of the platform’s users. 

So, this led to the rise of a “cottage industry of intermediaries.” These people charged users thousands of dollars to reach out to insiders to reset their accounts. The Journal reported that this system is estimated to have processed at least 50,270 reports in 2020, which was much higher than 22,000 in 2017.

  1. Unencrypted drives with data of 29k Facebook employees stolen
  2. SpaceX employee admits security fraud, insider trading on dark web
  3. User claims Facebook employees scanned his file sent in private chat
  4. Facebook stored 600m passwords in plain text exposed to employees
  5. HackerOne Fires Employee for Stealing Reports, Collecting Bug Bounties

How Did the Hijacking Occur?

After people got their accounts locked, they tried automated methods to reset them or reached out to Meta’s representatives via phone or email, which wasn’t much help. As a last resort, these users contacted Meta employees and contractors to get the issue resolved via the Oops channel.

In one incident, according to WSJ’s report, an ex-security contractor assisted unidentified third parties in taking over Instagram accounts fraudulently, and the user was tricked into filling in Oops reports to reset the impacted account. In another instance, a former contractor, fired after an internal probe, reset multiple users’ accounts for hackers in exchange for Bitcoin payments.

Meta Launched Internal Probe

Meta was forced to take disciplinary action against the hijackers. But this is going to be a lengthy probe. Meta executives will lead the investigation.

The company’s spokesperson, Andy Stone, stated that online platforms like Meta are frequently targeted by people who sell fraudulent services. These individuals are continuously adapting their techniques to respond to the detection methods used across the industry. Stone added that Meta would take appropriate action against the wrongdoers.

Top/Featured Image via Unsplash/xITnxxlzGAE

Related News

Nearly 500 million WhatsApp User Records Sold Online

Nearly 500 million WhatsApp User Records Sold Online

In what is becoming a rather common trend, a threat actor is claiming to sell 487 million WhatsApp users’ mobile…
How to Create ISO Files from Discs – 3 Best Ways

How to Create ISO Files from Discs – 3 Best Ways

An ISO file is a disk image of an optical disc. It is a single file that contains all the…
All You Need to Know About Emotet in 2022

All You Need to Know About Emotet in 2022

For 6 months, the infamous Emotet botnet has shown almost no activity, and now it’s distributing malicious spam. Let’s dive…