New scandal at Meta! During an internal investigation, the company discovered a real black market, some employees having taken control of Facebook and Instagram accounts to resell them to hackers…
Data protection has always been a sensitive subject for Meta, the parent company of Facebook, Instagram, Messenger and WhatsApp. It must be said that the firm is regularly at the heart of scandals because of leaks, thefts – whether through phishing or theft of access tokens – or even exploitation by third parties. Last month alone, more than a million Facebook passwords were stolen through rogue apps and fake login pages. It must be said that the phenomenal amount of data that Meta has represents a veritable gold mine for those who manage to seize it, including for the company’s employees! Thus, a few days ago, the famous and very serious wall street journal revealed that Meta had just sanctioned around twenty employees and subcontractors – in particular security officers from the Allied Universal group – for having hijacked Facebook and Instagram accounts in 2021. These dishonest people had even set up a veritable black market where they resold confidential information to hackers and unscrupulous companies for several thousand dollars. Enough to create a real “metagate”…
To commit their crimes, the accused took advantage of their access to the Oops tool (for Online Operations). This is Meta’s own system for recovering a Facebook or Instagram account after it has been hacked, forgotten or banned. It’s supposed to be used exceptionally to help celebrities, employees’ relatives and Mark Zuckerberg’s connections – it’s also sometimes used to recover a deceased person’s account. However, its number of uses has exploded in recent years. As the Wall Street Journal reports, the tool was used 50,270 times in 2020, compared to only 22,000 times in 2017. To find out the reason for this increase, Meta has therefore launched an internal investigation.
After extensive research, the group discovered that some of its employees and contractors – including security guards, who could use it in case of problems with their own accounts – had given in to the lure of profit and have charged for access to this system. They have thus earned thousands of dollars by taking over accounts that have been deactivated or belong to famous influencers on behalf of companies and scammers. For example, a contractor reset several user accounts for hackers in exchange for bitcoin payments.
Facebook and Instagram: popular platforms for scammers
The Wall Street Journal relays the testimony of several people who paid a Meta employee to recover access to an Instagram or Facebook account. This is the case of an American entrepreneur working for McCandless Group, a company specializing in supporting its customers: software, graphic design, marketing… and account recovery, especially for content creators on social networks. . He explains that “When you delete the Instagram account of someone who has spent years building it, you take away their ability to generate income.” This is why he offered his customers to regain access to their accounts thanks to an employee at Meta for a tidy sum. Brooke Millard, an influencer who used the services of McCandless, says she paid the firm $7,000 to recover her account. But this traffic is also used for more nefarious purposes. By regaining access to an account, hackers can spread their scams much more easily, especially if it is followed by many unsuspecting subscribers…
To to date, 24 people have been made redundant. Meta, through his spokesperson Andy Stone, confessed that the “People selling fraudulent services always target online platforms, including ours, and tailor their tactics to the detection methods typically used in the industry.“. The company ensures that “we also regularly update our security measures to deal with this type of activity and we will continue to take appropriate action against those involved in such schemes “ and “We take all reports of violations of our standards of conduct seriously.”