Facebook: employees resell user accounts to hackers

An extensive internal investigation at Meta led to the dismissal of more than 20 employees. The company accuses them of having used Oops, a tool reserved for Facebook teams, to resell access to user accounts to hackers. Some would have won several thousand dollars.

What to do when you lost access to your Facebook account? You can try to change the password, indicate that it has been hacked or, in some cases, contact the company directly to explain the situation to them. Social network employees have Oops.

Oops, short for “Online Operations”, is a tool whose use is strictly reserved for internal employees. And this for a very specific reason: it allows you to recover any lost or banned account from the platform. Enough to give ideas to the less virtuous employees of the firm.

Facebook dismantles an internal account reselling network

Oops has existed almost as long as Facebook itself, explains the Wall Street Journal, which unveiled the whole affair. Only employees therefore have access to it, and are only supposed to use it to help relatives, friends, or certain important accounts of celebrities or influencers.

However, in recent years, the number of uses of Oops has skyrocketed within Meta, from 22,000 in 2017 to 50,270 in 2020. After launching an investigation, Meta discovered that several employees were using Oops to resell lost or hacked accounts.

Related — Facebook Messenger Hackers Hijacked Millions of Accounts to Line Their Pockets

There are many buyers. Nick McCandless, one of them, agreed to testify on behalf of his company McCandless Group, which specializes in supporting content creators on social networks. “When you delete the Instagram account of someone who has spent years building it, you take away their means of generating income”he explains.

Nick McCandless thus admits having been in direct contact with a Facebook employee, who himself had access to Oops. The rest, you guessed it: he offered these customers who had lost their account to regain their access, with the help of the Facebook employee, for a certain amount of course. Brooke Millard, an influencer who used the services of Nick McCandless, indicates that she paid the company $7,000 to find her account.

Meta lays off dozens of employees who collaborated with scammers

Third-party companies are of course not the only ones to take advantage of this system. Hackers obviously also have every interest in associating with an employee with Oops access. By gaining control of an account, they can more easily spread their scams without arousing suspicion, especially if the accounts in question are followed by many people.

On the same subject — Play Store: 200 Android applications hide malware capable of hacking your Facebook account

Kendel Melbourne was fired in 2021 for this reason. Meta today accuses him of helping “Third party actors to take control of Instagram accounts in an illicit manner”. For his part, the former employee defends himself by saying that the company does not train its employees in the use of Oops, and that he then thought to help ordinary users.

To date, Meta says it has fired 24 employees and partners for illegally reselling accounts. The investigation, meanwhile, still does not seem to be over. Through a spokesperson, the company assures that it “will continue to take appropriate action against those involved in such cases” and that she” takes seriously all reports of violations of [ses] standards of conduct”.

Source: Wall Street Journal