Meta has allegedly fired and/or discipled more than 12 employees for hacking into users’ Facebook and Instagram accounts on the behalf of hackers.
According to the Wall Street Journal (WSJ), which broke the story on November 17, some of the hacking cases involved bribery, with employees being paid thousands of dollars to hack into the accounts.
According to an internal investigation into the account hijacking, those fired by Meta included contractors employed at the company’s facilities as security guards. They were able to hack into unsuspecting victim’s accounts after being allowed access to Online Operations, known as ‘OOps’, a tool used to help users log back into their accounts after being locked out or forgetting their login details.
Access to OOps is usually heavily regulated, with the vast majority of users being unable to access it and having to use Meta’s other avenues for account recovery. However, this has led to a rise in a so-called “cottage industry of intermediaries” who charge users thousands of dollars to reset their accounts.
To be able to take advantage of OOps, outsiders must “really have to have someone on the inside who will actually do it”, according to Nick McCandless, owner of content creation platform McCandless Group.
An internal document accessed by the WSJ showed that this alternative to the usual account recovery procedure which the majority of users have to go through in the event they cannot access their account, processed 50,720 tasks in 2020, a 77 percent increase in use from 2017.
In the document viewed by the WSJ, a former employee fired in February of this year was allegedly accused of working with hackers and being paid thousands of dollars in Bitcoin to reset multiple Facebook accounts for them. The employee accused has denied any wrongdoing.
Another individual claimed that they were tricked into filling out OOps forms and allowing third parties access to a number of Instagram accounts. The third parties then fraudulently took over the accounts.
Andy Stone, a spokesperson for Meta, said to the Wall Street Journal that “individuals selling fraudulent services are always targeting online platforms, including ours”, and that they are “adapting their tactics in response to the detection methods that are commonly used across the industry”. He added that Meta? will “keep taking appropriate action against those involved in these kinds of schemes”.
Stone also noted that buying or selling accounts, or access to account recovery services, is a violation of Meta’s terms of service.
Meta is currently investigating former employees who allegedly stayed in contact with their former coworkers to retain access to OOps and hack into accounts.
29 November, 2022
November 30, 2022
December 06 – 07, 2022
Hilton London Canary Wharf
13 December, 2022
January 17, 2023
Free CS Hub Online Event
February 21 – 24, 2023
Insights from the world’s foremost thought leaders delivered to your inbox.
11:00 AM – 12:00 PM SGT
11:00 AM – 12:00 PM EST
11:00 AM – 12:00 PM SGT
Reach Cyber Security professionals through cost-effective marketing opportunities to deliver your message, position yourself as a thought leader, and introduce new products, techniques and strategies to the market.
Join CSHUB today and interact with a vibrant network of professionals, keeping up to date with the industry by accessing our wealth of articles, videos, live conferences and more.
Cyber Security Hub, a division of IQPC
Become a Member today!
Already an IQPC Community Member?
Sign in Here or Forgot Password
Sign up now and get FREE access to our extensive library of reports, infographics, whitepapers, webinars and online events from the world’s foremost thought leaders.
We respect your privacy, by clicking ‘Subscribe’ you will receive our e-newsletter, including information on Podcasts, Webinars, event discounts, online learning opportunities and agree to our User Agreement. You have the right to object. For further information on how we process and monitor your personal data click here. You can unsubscribe at any time.