Sure, the Cambridge Analytica thing was a big deal, but Facebook is really sorry about that now. Surely we can count on them to go out of their way to ensure that no one abuses the data they’ve gathered to target an unsuspecting user base, right? Oh, one of their employees was using customer data to stalk women on Tinder? Okay, never mind.
This weekend, a cybersecurity consultant named Jackie Stokes discovered that an unnamed security engineer at Facebook was not only using customer information to stalk users on Tinder, but bragging about it to one of the very women he found this way while texting with her. Stokes saw the conversation, then determined that the stalker worked at Facebook by cross-referencing online profiles. She then tweeted her findings:
I’ve been made aware that a security engineer currently employed at Facebook is likely using privileged access to stalk women online.
I have Tinder logs. What should I do with this information?
— Jackie Stokes 🙋🏽 (@find_evil) April 30, 2018
I should mention that I confirmed this individual works at FB through cross reference of his Tinder profile pic, LinkedIn, and @alexstamos’ https://t.co/xKFDknYqTh connections.
— Jackie Stokes 🙋🏽 (@find_evil) April 30, 2018
I really, really hope I’m wrong about this. pic.twitter.com/NDkOptx8Hv
— Jackie Stokes 🙋🏽 (@find_evil) April 30, 2018
In a screenshot of the incriminating conversation, the FB security engineer seemed to be talking to a woman he found on Tinder having stalked her using her Facebook information.
WOMAN: You’re a security analyst? I think that’s really cool.
ENGINEER: Haha more than that…but based off that…I also try to figure out who hackers are in real life…so professional stalker. so out of habit I have to say that you are hard to find lol
WOMAN: Wow. Lol. Is that what you’re currently doing? Trying to internet stalk me?
Wait, so you used information I thought was private on Facebook to find me on Tinder? Lol.
On the plus side, once Stokes told Facebook about her findings, they moved really quickly. As Alex Stamos, Facebook’s chief information security officer said in an interview with Motherboard:
“We are investigating this as a matter of urgency. It’s important that people’s information is kept secure and private when they use Facebook. It’s why we have strict policy controls and technical restrictions so employees only access the data they need to do their jobs—for example to fix bugs, manage customer support issues or respond to valid legal requests. Employees who abuse these controls will be fired.”
And so, Facebook fired this guy two days after they were made aware of the situation. Stokes praised the company, and Stamos in particular, for handling things so quickly:
I’d like to thank the many Facebook employees who reached out to me personally to find out what they could do to help, and especially their CSO @alexstamos for deft handling of a dicey issue during a time when words and actions matter more than ever.https://t.co/W8Joe2Bc6e
— Jackie Stokes 🙋🏽 (@find_evil) May 2, 2018
This story highlights the fact that when it comes to online security, it’s not only about privacy settings, or what can be handled through advancements in security technologies. It’s about fostering a work environment in which valuing things like this is important. Technology is only as good as the people who use it.
When hiring people to work in the security realm, their ethical qualifications need to be considered alongside their tech qualifications. And when discussing issues of privacy and security, the human component cannot be overlooked. All the technological advancements in the world are no match for the power of entitled assholes looking for a date.
So, maybe let’s not let those assholes have jobs guarding people’s private information, m’kay?
(via The Daily Dot, image: mstable/Flickr)
Want more stories like this? Become a subscriber and support the site!
—The Mary Sue has a strict comment policy that forbids, but is not limited to, personal insults toward anyone, hate speech, and trolling.—
