Facebook explain when Employees can access your account without your password

your Facebook account can be accessed by Facebook engineers Or Emp. and that too without entering your account credentials? Recent details provided by the social network giant show who can access your Facebook account and when.

No doubt, Facebook and other big tech companies including Google, Apple and Yahoo! are making their services out of reach from law enforcement and spies agencies, but at the same time they itself, at least some employees, have access to your personal data.

Earlier this week, director at the record label Anjunabeats, Paavo Siljamäki, brought attention to this issue by posting a very interesting story on his Facebook wall. During his visit to Facebook office in LA, a Facebook engineer logged into his Facebook account after his permission, but the strange part — they did it without asking him for the password.

YOUR ACCESS WITHOUT ANY NOTIFICATION

Facebook didn’t notify Siljamäki that someone else accessed his private Facebook profile, as the company does when your Facebook account is accessed from any new device or from a different Geo-location.

Assume for a second that spies and hackers can't illegally access your private content online. Obviously, some employees at big tech firms need access to your material and Facebook has released details of just who can access your account and when.
Quite a lot of people are employed at companies like Facebook, Apple and Google, but just how many of them have access to our private emails and accounts? Thankfully, not many and security is very tight at Facebook at least according to a statement released by the company.
"We have rigorous administrative, physical, and technical controls in place to restrict employee access to user data", the statement reads. Facebook has a special security tool that its employees use to access customer accounts, and its use is heavily monitored and controlled. Any misuse results in immediate termination.
Paavo Siljamäki, director at the record label Anjunabeats, brought attention to the issue when he posted, on Facebook, that on a visit to the company's L.A. office an employee was easily able to access his account without asking him for his password. When pushed about how the employee did this, Facebook issued the above statement.
Facebook doesn't go into any details of exactly who can access what, but they do say that access is tiered and tailored to specific job function. Also, most employees only get this access when they're replying to a customer request for information or error report as was the case with Siljamäki. Facebook's statement explains: "Designated employees may only access the amount of information that's necessary to carry out their job responsibilities, such as responding to bug reports or account support inquiries".
As with any system though, abuse is possible and to counter this Facebook runs two separate monitoring systems that create weekly reports on suspicious behaviour which are then analysed by two independent security teams. Facebook also confirms that these precautions have been confirmed by outside regulators, saying: "Our controls have been evaluated by independent third parties and confirmed multiple times by the Irish Data Protection Commissioner's Office as part of their audit of our practices." The Irish Data Protection Commissioner oversees the company's legal compliance for customers outside North America because Facebook's European headquarters are based in Dublin.Sounds like they've got it covered then. We don't need to worry about Mark Zuckerberg trolling through our timeline anytime soon. Now if it wasn't for those pesky hackers and NSA agents.

In short, Siljamäki says he was asked if a Facebook employee could “look” at his profile, to which he gave permission. The engineer then accessed the account without entering Siljamäki’s password.
A Facebook spokesperson gave us the following statement:

We have rigorous administrative, physical, and technical controls in place to restrict employee access to user data. Our controls have been evaluated by independent third parties and confirmed multiple times by the Irish Data Protection Commissioner’s Office as part of their audit of our practices.
Access is tiered and limited by job function, and designated employees may only access the amount of information that’s necessary to carry out their job responsibilities, such as responding to bug reports or account support inquiries. Two separate systems are in place to detect suspicious patterns of behavior, and these systems produce reports once per week which are reviewed by two independent security teams.
We have a zero tolerance approach to abuse, and improper behavior results in termination.


In short, Facebook has a customer service tool that can grant access to a user’s account. That said, it is apparently heavily monitored and controlled, requires consent from the user, and can only be used in specific cases by a select group of employees.