- Facebook fired 52 people from 2014 to August 2015 for abusing access to user data, a new book says.
- One person reportedly used data to track down a woman he was traveling with who had left him after a fight.
- Changes to retention of such data were “antithetical to Mark’s DNA,” one employee told the authors.
- See more stories on Insider’s business page.
A Facebook engineer reportedly abused employee access to user data to track down a woman who had left him after they fought, a new book says.
Between January 2014 and August 2015, the company fired 52 employees for exploiting user data for personal means, according to an advance copy of “An Ugly Truth: Inside Facebook’s Battle for Domination” that Insider obtained.
The engineer, who is unnamed, reportedly tapped into the data to “confront” a woman with whom he had been vacationing in Europe after she left the hotel room they had been sharing. He was able to figure out her location at a different hotel.
Another Facebook engineer used his employee access to dig up information on a woman with whom he had gone on a date after she stopped responding to his messages. In the company’s systems, he had access to “years of private conversations with friends over Facebook messenger, events attended, photographs uploaded (including those she had deleted), and posts she had commented or clicked on,” according to the book. Through the Facebook app the woman had installed on her phone, the book claims, he was also able to see her location in real time.
Facebook employees were granted user data access in order to “cut away the red tape that slowed down engineers,” the book says.
“There was nothing but the goodwill of the employees themselves to stop them from abusing their access to users’ private information,” the book’s authors, Sheera Frenkel and Cecilia Kang, write. They add that most of the employees who abused their employee privileges to access user data only looked up information, although a few didn’t stop there.
Most of the engineers who took advantage of access to user data were “men who looked up the Facebook profiles of women they were interested in,” the book says.
Facebook told Insider it fires employees found to have accessed user data for non-business purposes.
“We’ve always had zero tolerance for abuse and have fired every single employee ever found to be improperly accessing data,” a spokesperson told Insider in a statement. “Since 2015, we’ve continued to strengthen our employee training, abuse detection, and prevention protocols. We’re also continuing to reduce the need for engineers to access some types of data as they work to build and support our services.”
A problem that cropped up ‘nearly every month’
Facebook CEO Mark Zuckerberg was first made aware of the problem in September 2015, when then-Chief Security Officer Alex Stamos raised the issue with him. In a presentation to Zuckerberg and the company’s top executives, Stamos said engineers had abused the access “nearly every month,” the book says.
At the time, more than 16,000 employees had access to users’ private data, according to the book. Stamos suggested tightening access to fewer than 5,000 employees and fewer than 100 for particularly sensitive information like passwords. He proposed requiring employees to submit formal requests for access to private data but received pushback from executives. Zuckerberg said changes on the matter were “a top priority” and tasked Stamos with finding a solution and giving an update in a year, according to the book.
But changes that would limit data retention were “antithetical to Mark’s DNA,” one employee told the book’s authors.
“At various times in Facebook’s history there were paths we could have taken, decisions we could have made, which would have limited, or even cut back on, the user data we were collecting,” the employee said, according to the book. “Even before we took those options to him, we knew it wasn’t a path he would choose.”