Do
you know that your Facebook account can be accessed by Facebook
engineers and that too without entering your account credentials? Recent
details provided by the social network giant show who can access your
Facebook account and when.
No doubt, Facebook and other big tech companies including Google, Apple
and Yahoo! are trying to keep their data out of reach from law
enforcement and spies agencies by adopting encrypted communication and
end-to-end encryption solutions in near future, but right now they have
access to your personal data, and at least few of their employees can
access it with one click.
Earlier this week, director at the record label Anjunabeats, Paavo Siljamäki, brought attention to this issue by posting
a very interesting story on his Facebook wall. During his visit to
Facebook office in LA, a Facebook engineer logged into his Facebook
account after his permission, but the strange part — they did it without
asking him for the password.
ACCESS WITHOUT NOTIFICATION
Facebook even didn’t notify Siljamäki that someone else accessed his
private Facebook profile, as the company does when your Facebook account
is accessed from any new device or from a different Geo-location.
Siljamäki got in contact with Facebook in order to know how many of
Facebook's staff have this kind of 'master' access to anyone's Facebook
account and when exactly they can access users’ private data, and also,
how would anyone know if his/her Facebook account has been accessed.
When the social network giant asked about how the employee got access to
user’s Facebook account without entering the account credentials,
Facebook issued the following statement:
"We have rigorous administrative, physical, and technical controls in place to restrict employee access to user data. Our controls have been evaluated by independent third parties and confirmed multiple times by the Irish Data Protection Commissioner’s Office as part of their audit of our practices."
WHO CAN ACCESS MY FACEBOOK ACCOUNT?
The company didn’t explain exactly who can access what, but it assured its users that the accounts access is tiered and limited to specific job function. The access to accounts are granted to most employees in order to reply to a customer request for information or error report.
"Designated employees may only access the amount of information that’s necessary to carry out their job responsibilities, such as responding to bug reports or account support inquiries," Facebook goes on explaining. "We have a zero tolerance approach to abuse, and improper behavior results in termination."
In short, the social network giant has a customer service tool
that can grant Facebook employees access to a user’s account. Facebook
runs two separate monitoring systems that generate weekly reports on
suspicious behavior which are then reviewed and analyses by two
independent security teams, specifically a selected group of employees.
Facebook gives a strict warning when hired employees to use this tool
and fired any employee directly who abuse it. So, you need not to worry
about Mark Zuckerberg accessing your account, unless you yourself ask
Facebook for help with something and have given permission.
Source:
The Hacker News
No comments:
Post a Comment