Privacy Violations by Facebook Employees
I don’t know if this is real, but it seems perfectly reasonable that all of Facebook is stored in a huge database that someone with the proper permissions can access and modify. And it also makes sense that developers and others would need the ability to assume anyone’s identity.
Rumpus: You’ve previously mentioned a master password, which you no longer use.
Employee: I’m not sure when exactly it was deprecated, but we did have a master password at one point where you could type in any user’s user ID, and then the password. I’m not going to give you the exact password, but with upper and lower case, symbols, numbers, all of the above, it spelled out ‘Chuck Norris,’ more or less. It was pretty fantastic.
Rumpus: This was accessible by any Facebook employee?
Employee: Technically, yes. But it was pretty much limited to the original engineers, who were basically the only people who knew about it. It wasn’t as if random people in Human Resources were using this password to log into profiles. It was made and designed for engineering reasons. But it was there, and any employee could find it if they knew where to look.
I should also say that it was only available internally. If I were to log in from a high school or library, I couldn’t use it. You had to be in the Facebook office, using the Facebook ISP.
Rumpus: Do you think Facebook employees ever abused the privilege of having universal access?
Employee: I know it has happened in the past, because at least two people have been fired for it that I know of.
[…]
Employee: See, the thing is—and I don’t know how much you know about it—it’s all stored in a database on the backend. Literally everything. Your messages are stored in a database, whether deleted or not. So we can just query the database, and easily look at it without every logging into your account. That’s what most people don’t understand.
Rumpus: So the master password is basically irrelevant.
Employee: Yeah.
Rumpus: It’s just for style.
Employee: Right. But it’s no longer in use. Like I alluded to, we’ve cracked down on this lately, but it has been replaced by a pretty cool tool. If I visited your profile, for example, on our closed network, there’s a ‘switch login’ button. I literally just click it, explain why I’m logging in as you, click ‘OK,’ and I’m you. You can do it as long as you have an explanation, because you’d better be able to back it up. For example, if you’re investigating a compromised account, you have to actually be able to log into that account.
Rumpus: Are your managers really on your ass about it every time you log in as someone else?
Employee: No, but if it comes up, you’d better be able to justify it. Or you will be fired.
Rumpus: What did they do?
Employee: I know one of them went in and manipulated some other person’s data, changed their religious views or something like that. I don’t remember exactly what it was, but he got reported, got found out, got fired.
Odalchini • January 19, 2010 12:02 PM
No surprise here. Every service, system, database, whatever, has administrators with privilege to do anything or change anything anywhere. You have to have such people to run the service. You have to trust them. Sometimes they go bad. In a good company they should be vetted and their activities monitored, but sometimes they go bad despite all the precautions that anyone can think up. It’s a risk that goes with using computers. It’s a manageable risk, but still a non-zero risk.