A Facebook Employee Allegedly Stalked Women On The Website & There's An Investigation
According to a report by Vice's Motherboard on Monday, a Facebook security engineer is accused of stalking women on the platform. Founder of the cybersecurity consultancy firm Spyglass Security, Jackie Stokes, first highlighted the issue in a tweet on April 29, writing that she had "been made aware that a security engineer currently employed at Facebook is likely using privileged access to stalk women online."
A Facebook spokesperson confirmed to Bustle that the accused employee has been terminated. The Spyglass Security founder wrote that she was given screenshots of a conversation between the accused Facebook engineer and a woman on Tinder. In the log that Stokes received, the engineer allegedly asked the woman if she knew what his profession was. The woman guessed if he was a "security analyst" and said that she thought "that's really cool." In response, the log showed the man saying that he was "more than that" and added, "I also try to figure out who hackers are in real life... So, [a] professional stalker." He added that she was "hard to find."
A spokesperson for the social media network confirmed to Motherboard, "Although we can’t comment on any individual personnel matters, we are aware of the situation and investigating." On the issue of using company-granted access to potentially invade other people's privacy, the spokesperson said that the platform maintains "strict technical controls and policies to restrict employee access" to its users' data.
"Access is scoped by job function, and designated employees are only allowed to access the amount of information that’s necessary to carry out their job responsibilities, such as responding to bug reports, account support inquiries, or valid legal requests," the spokesperson added. Bustle has reached out to Facebook for further comment.
In order to verify the identity of the accused Facebook security engineer, Stokes said that she "cross-referenced" through the individual's "Tinder profile [picture], LinkedIn [profile], and @alexstamos' Keybase.io connections." Keybase allows people to verify the authenticity of online identities through an encrypted database: imagine a public directory but with tight security that prevents hackers from intercepting user requests. People can request information on individuals; these requests are then processed, verified, and reviewed by Keybase's secure server.
Stokes hasn't shared more information about the alleged incident. On Monday, she tweeted, "Sorry, [journalists]! I really respect your profession, but I won’t be sharing any additional detail regarding the Facebook issue beyond their security team." She added, "There is nothing here besides my source, who deserves protection."
The report arrives shortly after The Guardian published an explosive report about Facebook sharing the data of 87 million users with Cambridge Analytica, a United Kingdom-based data analytics firm. In March, Zuckerberg acknowledged the issue of user privacy, "We didn’t take a broad enough view on what our responsibility was and that was a huge mistake. That was my mistake." Soon after the Guardian report came out, Zuckerberg appeared before the Senate's Judiciary and Commerce committees to answer questions about his company's privacy controls. It got pretty awkward, too.
Now, with the issue of a Facebook engineer allegedly using his inside access to stalk users on the social network, some observers may have even more qualms about the company's stance on privacy and ethics. Facebook has made steps to up its security protocols for users, including enabling users to disable their browser tracking history and revoking access third-party vendors have to users' personal data.
Stokes noted in her tweets that she reached out to Alex Stamos, chief security officer of Facebook, about the issue. She also tweeted that several Facebook employees reached out to her "with concern" over the claim. It's unclear how exactly Facebook is conducting its investigation, but its spokesperson assured Motherboard that the company has a "zero-tolerance approach to abuse."