Facebook engineers can access your account at any time, without having to know your password or even having your explicit permission to do so.
New details came to light after music producer Paavo Siljamäki visited Facebook's LA offices and an employee asked if they could access his profile.
I said 'sure'. A Facebook engineer can then log in directly as me on Facebook seeing all my private content without asking me for the password.
Just made me wonder how many of Facebook's staff have this kind of 'master' access to anyone's account? What are the rules on who and when they can access our private content and how would we know if someone did? (My Facebook did not notify me that someone else accessed my private profile).
- Paavo Siljamäki
A Facebook spokesperson explained to i100.co.uk that access is "tiered and limited by job function", so employees only get at the exact information they need, and that behaviour is strictly monitored.
Employees may need to access an account in order to respond to bug reports or other account support enquiries, they explained.
We have rigorous administrative, physical, and technical controls in place to restrict employee access to user data. Our controls have been evaluated by independent third parties and confirmed multiple times by the Irish Data Protection Commissioner’s Office* as part of their audit of our practices.
Two separate systems are in place to detect suspicious patterns of behaviour, and these systems produce reports once per week which are reviewed by two independent security teams.
We have a zero tolerance approach to abuse, and improper behaviour results in termination.
- Facebook statement
*For all users outside the US and Canada (as with Mr Siljamäki), private information is held by Facebook Ireland Ltd, hence the use of the Irish Data Protection Commissioner's Office.