Over the weekend, Jackie Stokes, a cybersecurity consultant, tweeted about having received copies of a text conversation on the dating app Tinder that allegedly depicted a current Facebook engineer bragging about using their privileged access to stalk women online:
I’ve been made aware that a security engineer currently employed at Facebook is likely using privileged access to s… twitter.com/i/web/status/9…
Jackie Stokes (@find_evil) April 30, 2018
On Monday, Stokes followed up with a screen capture of the conversation, saying that she “really, really” hoped that she was wrong about it…
I really, really hope I’m wrong about this. https://t.co/NDkOptx8Hv
Jackie Stokes (@find_evil) April 30, 2018
…and on Tuesday, Facebook fired the engineer.
Alex Stamos, Chief Security Officer at Facebook, sent a statement to NBC News, saying that Facebook is investigating the allegations “as a matter of urgency.”
Employees who abuse Facebook’s restrictions on what they’re entitled to do with their access will be fired, he said:
It’s important that people’s information is kept secure and private when they use Facebook. It’s why we have strict policy controls and technical restrictions so employees only access the data they need to do their jobs – for example to fix bugs, manage customer support issues or respond to valid legal requests. Employees who abuse these controls will be fired.
NBC News uses a male pronoun in its report, so we’ll follow suit, though I didn’t see Stokes use a gender-specific pronoun in her tweet stream. She went on to say that she’d cross-referenced the engineer’s online profiles to determine that he was likely currently employed by Facebook. She also said that she herself wasn’t one of his targets.
Stokes told NBC News that she was pleased that an investigation was conducted and “an appropriate action taken to improve the trust users need to have in social media platforms to live their lives fully and enjoyably online.” Stokes:
Everyone deserves to feel safe, even on the internet.
Stokes’s original tweet had pondered what she should do about uncovering the alleged stalking. On Tuesday, Stokes sent thanks to all the Facebook employees who reached out to offer help, and to Stamos for his swift actions:
I’d like to thank the many Facebook employees who reached out to me personally to find out what they could do to he… twitter.com/i/web/status/9…
Jackie Stokes (@find_evil) May 02, 2018
On Tuesday, during F8 – Facebook’s annual developer conference – CEO Mark Zuckerberg unveiled, ironically enough, dating features to layer over its main mobile app.
The engineer isn’t the first to face allegations of abusing access to people’s personal information. Back in 2013, a new National Security Agency (NSA) agent allegedly spent his first day on the job snooping on his ex-girlfriend.
The agency has a bit of experience with employees who spy on former, current or future love interests – known, romantically enough, as “lovints” in NSA speak. At the time, NSA inspector general Dr. George Ellard detailed 12 investigations into such “intentional and willful misuse” of spying tools by civilian and military NSA employees. Here are a few:
- 2004: A civilian employee based overseas, upon returning to the US, checked out a foreign phone number she found in her husband’s mobile phone because she suspected her husband had been cheating. She managed to eavesdrop on her husband’s phone communications.
- 1998 to 2003: In a case of serial snoopery, one civilian employee based overseas snooped on the telephones of nine foreign women over the course of five years. The tip-off came from another NSA employee who suspected the subject – an NSA civilian employee who was also her lover – of listening to her phone calls.
- 2011: A subject ran her foreign-national boyfriend’s phone number through the system and came up with some material, which she reviewed. She said that she was in the habit of entering foreign national phone numbers of people she met in social settings to ensure she wasn’t “talking to ‘shady characters’”.
If the Facebook engineer did in fact pull an NSA with his own lovints, it could similarly be the tip of the iceberg. We all know, all too well, that Facebook’s got an uncomfortably deep reservoir of personal information about its billion users. As of December 2017, Facebook employed 25,105 people.
Since Stokes broke the story, several more people have come forward and told similar stories to Motherboard, anonymously:
One former Facebook worker said when they joined the company multiple people had been terminated for abusing access to user data, including for stalking exes.
Another former Facebook employee said that they know of three cases where people were fired because they mishandled data, one of which included stalking.
In this case at least, it seems that Stamos has been true to his words: “Employees who abuse these controls will be fired.”
Source: Naked Security