Do you know that your Facebook account can be accessed by Facebook engineers and that too without entering your account credentials? Recent details provided by the social network giant show who can access your Facebook account and when.
No doubt, Facebook and other big tech companies including Google, Apple and Yahoo! are trying to keep their data out of reach from law enforcement and spies agencies by adopting encrypted communication and end-to-end encryption solutions in near future, but right now they have access to your personal data, and at least few of their employees can access it with one click.
Earlier this week, director at the record label Anjunabeats, Paavo Siljamäki, brought attention to this issue by posting a very interesting story on his Facebook wall. During his visit to Facebook office in LA, a Facebook engineer logged into his Facebook account after his permission, but the strange part — they did it without asking him for the password.
ACCESS WITHOUT NOTIFICATION
Facebook even didn’t notify Siljamäki that someone else accessed his private Facebook profile, as the company does when your Facebook account is accessed from any new device or from a different Geo-location.
Siljamäki got in contact with Facebook in order to know how many of Facebook's staff have this kind of 'master' access to anyone's Facebook account and when exactly they can access users’ private data, and also, how would anyone know if his/her Facebook account has been accessed.
When the social network giant asked about how the employee got access to user’s Facebook account without entering the account credentials, Facebook issued the following statement:
"We have rigorous administrative, physical, and technical controls in place to restrict employee access to user data. Our controls have been evaluated by independent third parties and confirmed multiple times by the Irish Data Protection Commissioner’s Office as part of their audit of our practices."
WHO CAN ACCESS MY FACEBOOK ACCOUNT?
The company didn’t explain exactly who can access what, but it assured its users that the accounts access is tiered and limited to specific job function. The access to accounts are granted to most employees in order to reply to a customer request for information or error report.
"Designated employees may only access the amount of information that’s necessary to carry out their job responsibilities, such as responding to bug reports or account support inquiries," Facebook goes on explaining. "We have a zero tolerance approach to abuse, and improper behavior results in termination."
In short, the social network giant has a customer service tool that can grant Facebook employees access to a user’s account. Facebook runs two separate monitoring systems that generate weekly reports on suspicious behavior which are then reviewed and analyses by two independent security teams, specifically a selected group of employees.
Facebook gives a strict warning when hired employees to use this tool and fired any employee directly who abuse it. So, you need not to worry about Mark Zuckerberg accessing your account, unless you yourself ask Facebook for help with something and have given permission.
Source:
The Hacker News via donokereke.blogspot.co.uk
Comments
Post a Comment