Meta Moderators Handed Out Access To Facebook Accounts In Exchange For Bribes

Scams

from the just-BEGGING-for-direct-regulation dept

Moderation at scale is impossible. This truism has been enshrined on the pages of Techdirt. Anyone working for a platform with thousands of users — much less millions or billions of users — knows this is true. Meta, the rebrand now controlling Facebook, certainly knows this to be true. Facebook has billions of users and the amount of user-generated content requiring moderation is only slightly easier to manage than the 720,000 hours of video uploaded to YouTube every day.

What doesn’t help this already-impossible task is rogue employees who decide (either for altruistic or self-serving reasons) to abuse a system internally, exacerbating the gamesmanship exhibited by users who know how to manipulate the weaknesses inherent in impossible tasks.

Meta Platforms Inc. has fired or disciplined more than two dozen employees and contractors over the last year whom it accused of improperly taking over user accounts, in some cases allegedly for bribes, according to people familiar with the matter and documents viewed by The Wall Street Journal.

Some of those fired were contractors who worked as security guards stationed at Meta facilities and were given access to the Facebook parent’s internal mechanism for employees to help users having trouble with their accounts, according to the documents and people familiar with the matter.

Hey, if you want Congress to get more directly involved in content moderation, this is a great way to do it. The job is already impossible to do well. Getting paid twice to do it poorly is bad optics and bad business. It lets everyone know Meta can’t handle the moderators it has employed, much less the moderation load of day-to-day business.

Making this whole debacle even more unfortunate is the acronym used internally to refer to the exploited moderation system: “Oops.” It stands for online operations used to reconnect users who’ve forgotten their login passwords or email addresses. Its a good acronym, considering the problems it’s supposed to handle, but “Oops” is going to lend itself to punchy public statements by grandstanding legislators looking for any reason to end Section 230 immunity, and will make multiple appearances if Meta is summoned to Congressional hearings over this headline-generating bit of malfeasance.

The good news is that heads have rolled. Whether the rolling heads will deter others remains to be seen, though. If nothing else, it shows Meta is at least doing some due diligence when it comes to accusations of abuse. But Meta’s statement on the issue isn’t exactly comforting: it suggests this abuse is both external and internal, and that there’s no apparent solution that will prevent this sort of thing from happening in the future.

“Individuals selling fraudulent services are always targeting online platforms, including ours, and adapting their tactics in response to the detection methods that are commonly used across the industry,” said Meta spokesman Andy Stone. He added that the company “will keep taking appropriate action against those involved in these kinds of schemes.”

Making this problem even more impossible to solve is that the “Oops” system often interacts with third parties acting on behalf of users who have been locked out of their accounts, some of whom have had their accounts hijacked by malicious hackers. There are several levels of potential exploitation here, beginning with the account hijackers, running through third-party services that may be promising locked-out users more than they can deliver, and finally ending up on the doorstep of “Oops,” where certain Meta staffers are apparently willing to grant access to whoever’s asking, so long as they’re willing to shell out a few bucks.

The Wall Street Journal article suggests firing moderators may not actually solve the problem. There’s evidence out there showing former employees have leveraged their contacts inside Meta to trigger account actions normal users are often unable to access.

Meta is also investigating some former employees for remaining in contact with other workers, allegedly to hijack user accounts. In July, an attorney on behalf of Meta sent a letter to one former security contractor who was fired in 2021, Kendel Melbourne, alleging that he assisted “third parties to fraudulently take control over Instagram accounts,” including after he left the company, according to a copy of the letter.

Another contractor working for the same company that employed Kendel Melbourne was fired after it was discovered she had provided hackers fraudulent access to multiple accounts in exchange for “thousands of dollars in bitcoin.”

Moderation at scale is still impossible. But it can be done better than this. Internal teams like this should be subjected to constant oversight, rather than given free rein to do whatever they want until it starts causing problems too big to ignore. This cleanup effort certainly won’t be Meta’s last. And until it shows it’s serious about protecting users from internal threats to account security, it’s going to generate headlines and government scrutiny that’s ultimately going to harm platforms that don’t have the market share or on-hand capital to survive increased regulation or the stripping of Section 230 immunity.

Filed Under: bribes, content moderation, content moderators, internal controls
Companies: facebook, meta