Motherboard reported claims Wednesday from current and former Facebook employees who said that multiple people have lost their jobs at the company for accessing privileged user data for stalking. This comes shortly after Facebook confirmed to NBC News earlier this week that it had fired an security engineer who allegedly stalked a woman online.
The alleged stalking behavior first came to light on Sunday, when cybersecurity consultant Jackie Stokes claimed on Twitter that she had obtained copies of a text conversation in which a Facebook engineer identified himself as “professional stalker” to a woman he’d met on Tinder.
The Wall Street Journal reports that the woman contacted Stokes’ company, Spyglass Security Consulting LLC, about the interaction and noted that the man had also managed to uncover personal details about her, including the name of her coding project on GitHub. Stokes said she then verified that the man was a Facebook employee by cross-referencing his Tinder profile with his LinkedIn and Keybase accounts.
While Stokes acknowledged that it is unclear whether the man did in fact improperly access the woman’s Facebook account, the company nevertheless launched an investigation that resulted in his firing.
Alex Stamos, Facebook’s chief security officer, told NBC , “We are investigating this as a matter of urgency. It’s important that people’s information is kept secure and private when they use Facebook. It’s why we have strict policy controls and technical restrictions so employees only access the data they need to do their jobs—for example to fix bugs, manage customer support issues or respond to valid legal requests. Employees who abuse these controls will be fired.”
Anonymous sources familiar with Facebook’s security team further told Motherboard that they know of multiple people who have been fired from the company for using access to private user info for stalking. Some of these cases reportedly involved engineers keeping tabs on exes. Facebook typically does not inform the public of those dismissals, and employees are bound by strict nondisclosure agreements. The company told Motherboard that it uses automated systems to detect and prevent abuse of data and that its internal interface presents employees with warnings and reminders about Facebook’s data-privacy policy whenever they try to access sensitive info.
Previous reports have suggested that rogue employees spying on consumers is also a problem among ride-sharing companies. In 2016, Uber agreed to pay a $20,000 fine to regulators in New York for allowing a wide swath of its employees to access its “God View” tool that tracks rider and driver locations. Authorities first caught on to the issue after an Uber executive used the tool to locate a BuzzFeed reporter. In January, Lyft said it was investigating claims that employees were using ride-sharing data to snoop on exes, significant others, people they found attractive, and celebrities.
