Facebook Fires 'Stalker' Engineer

John Lister's picture

Facebook has fired an engineer accused of misusing private data to 'stalk' women online. He is thought to be a security engineer who abused his 'privileged access' level to data.

One of the engineer's alleged victims was the founder of a cyber security company. She's made public the conversation she had with the Facebook engineer, in which the man talks about being a security analyst. He wrote: "... I also try to figure out who hackers are in real life... [so, I'm a] professional stalker."

It appears the pair were conversing after being connected through the dating app Tinder. To make sure users of the app are who they say they are, Tinder users must sign up using their Facebook account.

Victim Gets Tip-Off

The woman who raised the issue says she was told by an anonymous source that the man was "likely using privileged access to stalk women online." She says she independently confirmed this was the case as the man used the same photo for his Tinder account and LinkedIn, a business networking site.

The reference to 'privileged access' has a specific meaning in an information technology context. It's roughly equivalent to having an elevated security clearance and thus being able to access data that ordinary employees can't see.

Facebook Launching Own Dating Site

Alex Stamos, the head of security at Facebook, said:

"It's important that people's information is kept secure and private when they use Facebook. It's why we have strict policy controls and technical restrictions so employees only access the data they need to do their jobs - for example to fix bugs, manage customer support issues or respond to valid legal requests. Employees who abuse these controls will be fired." (Source: pcmag.com)

The incident has particularly ironic timing. Earlier this week Facebook announced it will be launching its own online dating service aimed at producing longer-lasting relationships. The idea is to use Facebook's data to match people based not only on their responses to a questionnaire but also on common interests expressed on Facebook and whether people have friends in common. (Source: businessinsider.com)

What's Your Opinion?

Does Facebook deserve praise or criticism for the incident and the way it's handled it? Should companies more tightly vet employees who have high levels of access to customer data? Or is the threat of instant dismissal the only way to minimize the risks?

Rate this article: 
Average: 5 (3 votes)

Comments

davolente_10330's picture

Well..... just one more hazard of using the dreaded, so-called "social media". It's got a lot to answer for. How does a company guard against someone employed by them, who abuses their trusted position? The answer is - they can do nothing! There's an old saying...."Who watches the watchers?" If someone turns "rogue", who's to know, until the dirty deed is exposed? The damage is done, reputations sullied and (hopefully) heads will roll. I will NOT use ANY form of social media and I remain as anonymous as possible in comments or forum pages such as this. As far as I'm concerned, real names and other genuine data stay firmly with me.

Richard Robinson's picture

I have worked on this exact problem, and best answers I know:
1. have clever access control system that allows minimum access do do one's job.
2. Build access entry including what accessed, date. who accessed & reason.
Reason examples being cust inquiry num, system bug number or whatever.
3. Log all access entries and peruse log for strange actions.
4. Record access entries against data being accessed, so data owner can see who looked/updated their data.

With the approach above, any "complaint" can be quickly analyzed