A Facebook employee reportedly exploited work-granted access to stalk women online, the social media giant confirmed to NBC News.
The alleged incident was brought to public attention when the founder of the cyber security consulting firm Spyglass Security, Jackie Stokes, tweeted the accusation about a Facebook engineer.
She claimed she received copies of a conversation that took place between the accused employee and an unidentified woman on the dating app Tinder, which clearly showed he misused the “privilege access.”
I’ve been made aware that a security engineer currently employed at Facebook is likely using privileged access to stalk women online.— Jackie Stokes ???? (@find_evil) April 30, 2018
I have Tinder logs. What should I do with this information?
In her Twitter thread, she also added a screenshot of a text message in which one of the participants was boasting about being a “professional stalker” — which goes well beyond the mere security analyst he technically was.
I really, really hope I’m wrong about this. pic.twitter.com/NDkOptx8Hv— Jackie Stokes ???? (@find_evil) April 30, 2018
Representatives of the social media company reached out to Stokes and according to Alex Stamos, the company’s chief security officer, Facebook is investigating the claim“as a matter of urgency.”
“It’s important that people’s information is kept secure and private when they use Facebook,” Stamos said. “It’s why we have strict policy controls and technical restrictions so employees only access the data they need to do their jobs — for example to fix bugs, manage customer support issues or respond to valid legal requests. Employees who abuse these controls will be fired.”
Staying true to his word, the company did indeed terminate the employee who was blatantly using internal tools to track down women online.
The Tinder exchange Stokes shared may not exactly appear to be abuse, but she tweeted she had more evidence she did not release to the public.
Sorry journos! I really respect your profession, but I won’t be sharing any additional detail regarding the Facebook issue beyond their security team.— Jackie Stokes ???? (@find_evil) April 30, 2018
Feel free to reach out, but there’s nothing here besides my source, who deserves protection.
However, Stokes did raise a suspicion that the ability to link one’s Tinder account with Instagram — which is owned by Facebook — may have granted access to the accused employee to track the woman.
"I have a suspicion that her Instagram account which was connected to Tinder was used to identify her," Stokes wrote in a tweet. "The question is whether he was able to find the information he gave her in chat (which caused her, a software engineer herself, to be terrified) by identifying her on Facebook."
Upon hearing word of the employee’s termination, Stokes voiced her appreciations for the company’s promptness in addressing the issue.
"I am pleased an investigation was conducted and an appropriate action taken to improve the trust users need to have in social media platforms to live their lives fully and enjoyably online," Stokes told NBC News. "Everyone deserves to feel safe, even on the Internet."
The social media company’s timely action can be attributed to the fact Facebook has been a subject of mounting scrutiny for its inability to protect users’ data and privacy. Especially when the CEO Mark Zuckerberg himself admitted Facebook also collects data on non-users, it makes sense the company didn’t want to take any risks with an employee who was conveniently using the privileged access to sneak around online.
Banner Image Credits: REUTERS/Dado Ruvic