Facebook employees hacked into accounts for bribes
Some of the employees were security agents who work for a subcontractor but had access to an internal company tool.
The fault was gaping and the pirates rushed into it. The Wall Street Journal reveals that Meta - parent company of Facebook and Instagram - fired more than "two dozen employees and contractors last year", facing corruption charges. Clearly, these employees would have accepted bribes of several thousand dollars to allow hackers to appropriate Facebook or Instagram accounts.
For an employee of the group, nothing could be simpler. If the company doesn't have customer service to help with account recovery, they have an internal tool that makes it easy to recover a lost password or reactivate a suspended account.
Called "Oops" for "Online Operations", this service is usually the last step to achieve this, after failing to use the automatic tools. It is theoretically intended for celebrities, Meta partners or people around Mark Zuckerberg. Confidential, it is nevertheless increasingly used: from 22,000 times in 2017 to 50,000 times in 2020.
Concretely, a Meta employee or even a subcontractor transmits an email address of an account being reset to a support team which is responsible for restarting it and transmitting a new password. Nothing complicated.
A gaping security flaw within Meta which has seen the development of a parallel business. Against several thousand dollars, an entrepreneur specialized in the reactivation of suspended accounts, thanks to in-house help.