Apparently he's not the only Facebook employee that saw the dating potential of the database.
Google once also had a case like this. What speaks for FB (and Google) that these things happen so rarely. Their processes (including hiring) and monitoring must be quite good to be able to have a workforce that large and yet so few incidents of this kind (at least, that we hear about).
A significant majority of Facebook's security infrastructure is inward-facing. Too much history with engineers doing stuff like this and the possibility of an employee being compromised by a hostile state actor is high on the list of threats that are considered. It used to be the case that an engineer could fire up a test instance of the front-end and poke away at the back-end without anyone noticing, but those days are long past. I am not sure how much more has been added in the past few years, but there were so many instances of developers snooping on the new SO of their ex-SO back in the day that the paranoia level for this sort of threat became a driver for a lot of infosec projects.
Given that anyone on the team who had been around for a while would have known this I am assuming the security engineer who was shown the door was either an intern or new to the team as most others would have known that they would eventually be caught.
I think you are exaggerating the amount of internal security there is at facebook. Up until a couple years ago, many of the internal tools didn't have any privacy restrictions to stop employees from looking at private user data. I looked at user data all the time as part of my job and was never questioned about it. Of course I never looked at anything I shouldn't have out of fear of getting caught. But no one checked to see why I was always looking at user data.
Even after common tools were changed to add warnings about accessing private data, there were still many ways to go around them. All engineers have access to user databases as well as the thousands of other data sets that contained user data.
The reason why most employees wouldn't abuse their power is the fear of getting caught (not due to any actual internal security). From this article, it's not clear how the fired employee accessed private data. So I can't say if they did something too obvious or if they put any effort in making sure they had plausible deniability if caught. This article doesn't indicate whether internal security actually caught the data access violation. It sounds like they only found out after the accusations appeared on twitter.
What makes you assume this happens rarely? As far as you know, this could be widespread but simply doesn't end up in the news.
Even if the employee gets caught, most companies (or fired employees) wouldn't announce it publicly. The only reason we know about this case is because this person bragged about it to someone else who made it public.
So he uses Facebook to find the real profile of the women he matches on Tinder. Don't we all do that?
He probably shouldn't have done that. But she is too sensitivity, if you don't like him just unmatch. No need to cause someone to lose his job.
This culture of political correctness is getting too over the top. And people are getting tire over it, which may explain why we have people like Trump on power.
> But she is too sensitivity, if you don't like him just unmatch. No need to cause someone to lose his job.
Um no. Plenty of cause to make him lose his job.
> This culture of political correctness is getting too over the top.
This has absolutely nothing to do with political correctness but everything to do with violating the trust of the users of the company that you work for in the worst possible way.
> And people are getting tire over it, which may explain why we have people like Trump on power.
I'm not sure what Trump has to do with it but if you see Trump as helping people to 'get over it' than I think you're a bit mis-informed. If anything Trump is showing people that if you ignore this sort of thing it can grow to very ugly proportions.
11 comments
[ 1.4 ms ] story [ 33.1 ms ] threadGoogle once also had a case like this. What speaks for FB (and Google) that these things happen so rarely. Their processes (including hiring) and monitoring must be quite good to be able to have a workforce that large and yet so few incidents of this kind (at least, that we hear about).
Given that anyone on the team who had been around for a while would have known this I am assuming the security engineer who was shown the door was either an intern or new to the team as most others would have known that they would eventually be caught.
Even after common tools were changed to add warnings about accessing private data, there were still many ways to go around them. All engineers have access to user databases as well as the thousands of other data sets that contained user data.
The reason why most employees wouldn't abuse their power is the fear of getting caught (not due to any actual internal security). From this article, it's not clear how the fired employee accessed private data. So I can't say if they did something too obvious or if they put any effort in making sure they had plausible deniability if caught. This article doesn't indicate whether internal security actually caught the data access violation. It sounds like they only found out after the accusations appeared on twitter.
Even if the employee gets caught, most companies (or fired employees) wouldn't announce it publicly. The only reason we know about this case is because this person bragged about it to someone else who made it public.
This is worrisome, especially given the comment upthread about how a large portion of Facebook's security is inward facing.
He probably shouldn't have done that. But she is too sensitivity, if you don't like him just unmatch. No need to cause someone to lose his job.
This culture of political correctness is getting too over the top. And people are getting tire over it, which may explain why we have people like Trump on power.
Um no. Plenty of cause to make him lose his job.
> This culture of political correctness is getting too over the top.
This has absolutely nothing to do with political correctness but everything to do with violating the trust of the users of the company that you work for in the worst possible way.
> And people are getting tire over it, which may explain why we have people like Trump on power.
I'm not sure what Trump has to do with it but if you see Trump as helping people to 'get over it' than I think you're a bit mis-informed. If anything Trump is showing people that if you ignore this sort of thing it can grow to very ugly proportions.