Meta Platforms Inc.
META -2.39%
has fired or disciplined more than two dozen employees and contractors over the last year whom it accused of improperly taking over user accounts, in some cases allegedly for bribes, according to people familiar with the matter and documents viewed by The Wall Street Journal.
Some of those fired were contractors who worked as security guards stationed at Meta facilities and were given access to the Facebook parent’s internal mechanism for employees to help users having trouble with their accounts, according to the documents and people familiar with the matter.
The mechanism, known internally as “Oops,” has existed since Facebook’s early years as a means for employees to help users they know who have forgotten their passwords or emails, or had their accounts taken over by hackers.
As part of the alleged abuse of the system, Meta says that in some cases workers accepted thousands of dollars in bribes from outside hackers to access user accounts, the people and documents say.
The disciplinary actions are part of a lengthy internal probe led by Meta executives, according to the documents and one of the people.
SHARE YOUR THOUGHTS
What concerns do you have about the security and privacy of your social-media accounts? Join the conversation below.
“Individuals selling fraudulent services are always targeting online platforms, including ours, and adapting their tactics in response to the detection methods that are commonly used across the industry,” said Meta spokesman
Andy Stone.
He added that the company “will keep taking appropriate action against those involved in these kinds of schemes.”
A spokeswoman for Meta’s security contractor, Allied Universal, said it “takes seriously all reports of violations of our standards of conduct.”
The firings and disciplinary measures illustrate the vast and complicated problem Meta has supporting more than 3 billion users across its platforms with virtually no customer service, a function the company has said that it is committed to building out in the coming years.
When people are locked out of their accounts, they typically try automated methods for resetting them or try to reach someone at Meta by phone or email, which many users have reported is often fruitless. Some of those people are able to get Meta employees and contractors to fill out a form through the Oops channel as a method of last resort.
Oops, an acronym for Online Operations, is supposed to be fairly limited to special cases, like friends, family, business partners and public figures, but its usage has climbed along with employee head count. In 2020, the channel serviced about 50,270 tasks, up from 22,000 three years earlier, according to an internal document reviewed by the Journal.
To file an Oops report, the employee or contractor lists an email address that they would like to associate with the Facebook or Instagram account being reset.
They must also answer a series of questions—indicating, for example, if the request is being made for someone on CEO
Mark Zuckerberg
‘s team, a celebrity, a family member or a Meta partner, according to documents viewed by the Journal.
The request is then routed to Meta’s community support team.
Because so many people depend on social media for their businesses, or to manage critically important aspects of their lives, gaining illicit control of an account can be lucrative. Stolen Facebook and Instagram handles can be sold for tens of thousands of dollars on other online forums.
But in part because the Oops system is off limits to the vast majority of Facebook users, a cottage industry of intermediaries has developed who charge users money to regain control of their accounts. In interviews with the Journal, some of those third parties claim to have access to Meta employees to help reset accounts.
“When you take someone’s Instagram account down that they’ve spent years building up, you’re taking away their whole means of generating an income,” says Nick McCandless, whose company McCandless Group operates a platform for content creators. Mr. McCandless says he charges his clients to reset accounts, sometimes through a contact he declined to name at Meta.
“You really have to have someone on the inside who will actually do it,” he said.
Brooke Millard, an Orange County-based model with about 650,000 Instagram followers, paid about $7,000 to Mr. McCandless to retrieve her account, after she couldn’t access it for reasons she didn’t understand in December 2021. She said she didn’t ask much about his process.
“I knew obviously it wasn’t him that was doing something,” she said. “He obviously had a connection.”
Mr. Stone, the Meta spokesman, said buying or selling accounts or paying for an account recovery service is a violation of the social network’s terms of service.
Meta is also investigating some former employees for remaining in contact with other workers, allegedly to hijack user accounts. In July, an attorney on behalf of Meta sent a letter to one former security contractor who was fired in 2021, Kendel Melbourne, alleging that he assisted “third parties to fraudulently take control over Instagram accounts,” including after he left the company, according to a copy of the letter.
Meta demanded Mr. Melbourne provide a detailed list of user accounts he had attempted to reset and the money he made doing so.
In the July letter, Meta accused Mr. Melbourne of violating the federal Computer Fraud and Abuse Act and said he has been banned from Facebook and Instagram.
Mr. Melbourne worked at Allied Universal, where security guards were given login credentials to Facebook’s intranet, according to documents and people familiar with the matter. Although it wasn’t covered in training, that access included the ability to request account resets via the company’s internal Oops system. In an interview, Mr. Melbourne described Oops as a perk of the job.
“They didn’t have any set of rules or give you a class on what to expect,” Mr. Melbourne said.
In an email response to the Meta attorney, Mr. Melbourne denied committing fraud and said he reset about 20 accounts on behalf of friends, family and people he trusted.
“Unfortunately I have fell [sic] victim to thinking I was helping people retrieve their accounts,” he said in the response to the attorney. “I will take responsibility for that.”
Meta employees and contractors are given some training on how to use Oops as part of onboarding to the company, and anytime someone files a task in the Oops channel, the system warns employees to be wary of phishing attempts.
Another Allied Universal contractor, Reva Mandelowitz, was fired in February after an internal investigation found that she allegedly reset multiple user accounts on behalf of hackers, receiving thousands of dollars in bitcoin for her services, according to people familiar with the matter and documents viewed by the Journal.
In an interview, Ms. Mandelowitz denied wrongdoing, saying she requested about 20 account resets for friends and family. An unknown person reached out to her online and asked her to do more account resets in January, and then began a campaign of harassment when she refused to cooperate, she said.
Lately, Allied has cracked down on its employees’ use of internal systems, warning in a recent internal message viewed by the Journal “DO NOT use the Meta OOPS platform.”
—Salvador Rodriguez and Jim Oberman contributed to this article.
Write to Kirsten Grind at [email protected] and Robert McMillan at [email protected]
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
