Earlier this week, a record label executive named Paavo Siljamäki told a troubling story about a visit he paid to Facebook’s offices in Los Angeles offices. He was speaking to employees about how his business could use Facebook better when he was asked if an engineer could access his page. He gave his consent, and the engineer signed directly into his account without asking for the password.
Facebook responded to the story and tried to calm users alarmed by the idea of Facebook employees with unlimited access to private information.
“Access is tiered and limited by job function, and designated employees may only access the amount of information that’s necessary to carry out their job responsibilities,” Facebook said. “Two separate systems are in place to detect suspicious patterns of behavior, and these systems produce reports once per week which are reviewed by two independent security teams. We have a zero tolerance approach to abuse, and improper behavior results in termination.”
To Facebook’s credit, they have a rigorous system in place to prevent employees from abusing their privileges. It’s heavily monitored, and as Venture Beat points out, abusing it would essentially be the easiest way for an employee to get fired. However, the fact remains that Facebook is not infallible. As a recent near-disaster with Facebook’s security illustrates, all it takes is one dedicated hacker to find and exploit flaws in the site. In other words, if you don’t want a picture or post to get seen — by Facebook employees or otherwise — don’t post it on your page in the first place.