Paavo Siljamäki, director at the record label Anjunabeats earlier this week revealed how a Facebook engineer logged into his account without entering his account credentials.
Siljamäki made his revelations public on Facebook in the post below.
A Facebook Spokesperson has released the following statement concerning the issue.
We have rigorous administrative, physical, and technical controls in place to restrict employee access to user data. Our controls have been evaluated by independent third parties and confirmed multiple times by the Irish Data Protection Commissioner’s Office as part of their audit of our practices.
Access is tiered and limited by job function, and designated employees may only access the amount of information that’s necessary to carry out their job responsibilities, such as responding to bug reports or account support inquiries. Two separate systems are in place to detect suspicious patterns of behavior, and these systems produce reports once per week which are reviewed by two independent security teams.
We have a zero tolerance approach to abuse, and improper behavior results in termination
This means Facebook has a customer service tool that can grant access to a user’s account.
Via VB