
Facebook Employees Can Access Your Account Without A Password through Master Access

Friday, February 20th, 2015


Your Facebook account can be accessed not only by you but also by a lot of Facebook employees, and without supplying a password! Reports have emerged that many Facebook engineers have the authority to access any account without needing a password or even permission from the account holder. While this Master Access definitely sounds like a scary scenario, Facebook has issued a reply explaining why it allows this kind of access.

When Paavo Siljamäki walked into Facebook’s LA office, he was not prepared for what he was about to witness. Siljamäki, director of record label Anjunabeats, is an avid Facebook user and he was seeking tips on how to use the site in a better way. His request was taken up by a Facebook engineer who asked him whether it was OK to look at his profile. When he replied in the affirmative, the engineer logged into Siljamäki’s account without even asking for his password. The engineer was able not only to browse his profile but also to check his private data and photos without any restrictions. Siljamäki also discovered later on that he had not received any notification that his account was being accessed by someone else.

Siljamäki posted the whole experience on his Facebook wall and wondered how many Facebook employees have this kind of master key to access anyone’s account. He also wanted to know whether there are any rules in place regarding who can access others’ accounts and private content. Siljamäki’s story created a flutter online and caused privacy-conscious individuals to question Facebook’s account control rules. The story was also spotted by Venture Beat, which then contacted the social networking giant regarding its account control practices.

Facebook, in its reply, said that it has rigorous technical, physical and administrative controls in place that restrict unauthorized access to user data. The company also added that the controls have been verified by independent third parties and validated by Ireland’s Data Protection Commissioner as a part of their audits.

On the matter of access to user accounts, Facebook said that access is tiered and limited by job function. The company also added that only designated employees are authorized to access the amount of information needed to carry out their responsibilities, which include account support queries and replying to bug reports. Facebook also said that it has two separate systems to detect suspicious behavior and that these systems generate weekly reports that are reviewed by independent security teams.

In order to reassure its users, Facebook said that it has zero tolerance for unauthorized access to user accounts and abuse of users’ private data. The company said that any improper behavior from employees usually results in a quick termination.

While Facebook grants account-level access only to a select group of employees, the feature is prone to abuse since there is no way to know whether an account was accessed by the company’s staff. As such, Facebook’s reply is not really reassuring and raises even more questions about the security and privacy of our private data.

