WSJ report: Meta employees, security guards fired for hijacking user accounts
WSJ report: Meta employees, security guards fired for hijacking user accounts
Meta Platforms has fired or disciplined more than two dozen employees and contractors over the past year who were accused by the company of improperly taking over user accounts -- in some cases allegedly for bribes, according to a report by The Wall Street Journal (WSJ).
The article published Thursday said some of those fired were contractors who worked as security guards stationed at Meta facilities and were given access to the Facebook parent’s internal mechanism for employees to help users having trouble with their accounts.
The mechanism known as “Oops” is a way for employees to help users they know who've forgotten their passwords or emails, or had their accounts hacked.
As part of the alleged abuse of the system, Meta said that in some cases workers accepted thousands of dollars in bribes from outside hackers to access user accounts, according to interviews and documents cited by the WSJ.
The disciplinary actions are part of a lengthy internal probe led by Meta executives, according to the documents reviewed by WSJ and one of the sources interviewed.
“Individuals selling fraudulent services are always targeting online platforms, including ours, and adapting their tactics in response to the detection methods that are commonly used across the industry,” Meta spokesman Andy Stone said in a statement to the newspaper. He added that the company “will keep taking appropriate action against those involved in these kinds of schemes.”
Stone, the Meta spokesman, told WSJ that buying or selling accounts or paying for an account recovery service is a violation of the social network’s terms of service.
Meta is also investigating some former employees for remaining in contact with other workers, allegedly to hijack user accounts, according to the WSJ report. In July, an attorney on behalf of Meta sent a letter to one former security contractor who was fired in 2021, Kendell Melbourne, alleging that he assisted “third parties to fraudulently take control over Instagram accounts,” including after he left the company, according to a copy of the letter.
Meta demanded Melbourne provide a detailed list of user accounts he had attempted to reset and the money he made doing so, the newspaper said. The letter accused Melbourne of violating the federal Computer Fraud and Abuse Act.
Melbourne worked at Allied Universal, where security guards were given login credentials to Facebook’s intranet, the WSJ said. That access included the ability to request account resets via the company’s internal Oops system.
Melbourne denied committing fraud and said he reset about 20 accounts on behalf of friends, family and people he trusted.
Another Allied Universal contractor, Reva Mandelowitz, was fired in February, the WSJ said, after an internal investigation found that she allegedly reset multiple user accounts on behalf of hackers, receiving thousands of dollars in bitcoin for her services.
In an interview with the WSJ, Mandelowitz denied wrongdoing, saying she requested about 20 account resets for friends and family. Mandelowitz told the WSJ an unknown person reached out to her online and asked her to do more account resets in January, and then began a campaign of harassment when she refused to cooperate.
Allied has cracked down on its employees’ use of internal systems of late, the WSJ said, warning in a recent internal message viewed by the newspaper “DO NOT use the Meta OOPS platform.”
