Facebook users might not like it, but it is a fact that their accounts can be accessed by the employees at the social network without the need for passwords. However, the social network told VentureBeat that it is part of a tiered and strictly managed customer support setup, and employees misusing it are fired.
Approved by authorities
“Access is tiered and limited by job function, and designated employees may only access the amount of information that’s necessary to carry out their job responsibilities, such as responding to bug reports or account support inquiries,” a Facebook spokesperson told VentureBeat. The spokesperson further said the company keeps a strict watch on suspicious behaviors, and for this it has designed two separate systems that generate reports on a weekly basis. Two independent security teams are assigned the task of reviewing these reports.
The company tries its best to restrict the access of its employees to user data, and for this it has designed several rigorous administrative, physical and technical controls. Facebook further informed the website that the controls it exercises have been tested and approved by independent third parties. Also the Irish Data Protection Commissioner’s Office has confirmed such controls several times during an audit of the company’s practices.
“We have a zero tolerance approach to abuse, and improper behavior results in termination,” the spokesperson told VentureBeat.
Why Facebook came up with explanation
The explanation from the social network follows an account from Paavo Siljamäki (director at the record label Anjunabeats), who recently visited the company’s office.
On his visit to Facebook’s offices at L.A., Siljamäki noticed several people giving their input on how the usage of Facebook could be made better. He gave his consent to experts when they asked him if they could have a look at his Facebook profile. After taking his permission, an engineer logged into Siljamäki’s account without entering any password. This made Siljamäki wonder how many of the company’s staff members have the right to access users’ accounts without the need to enter their passwords.
“Just made me wonder how many of Facebook’s staff have this kind of ‘master’ access to anyone’s account?” Siljamäki noted.