Meta allegedly fired or disciplined over two dozen employees for misusing — and, in some cases, taking bribes for using — an account recovery tool over the past year. The Wall Street Journal reported the news this morning, describing a “cottage industry” of people abusing a tool called “Oops” or Online Operations. That includes accepting thousands of dollars to get legitimate users and hackers alike into Facebook or Instagram accounts.
Oops is a long-running shortcut to Facebook and Instagram’s typically automated account recovery process, designed for acquaintances of Meta employees. (Its queue apparently processed around 50,000 “tasks” in 2020, the number growing rapidly as Meta expanded.) But the Journal report claims a black market has grown around it, particularly among third-party security contractors who were given access to the tool.
One now-fired employee told the Journal that he was tricked into filing fraudulent Oops reports on behalf of hackers. Another, who denied wrongdoing, allegedly received thousands of dollars in Bitcoin for working with hackers. Meanwhile, outside Meta’s workforce, some businesses offer account recovery as a paid service to creators, promising they can pull strings inside the company. As one such operator puts it, “you really have to have someone on the inside who will actually do it.”
Meta allegedly discovered the extent of the problem after an internal probe. In a statement to the Journal, spokesperson Andy Stone said that “individuals selling fraudulent services are always targeting online platforms, including ours,” and that Meta would “keep taking appropriate action” against rulebreakers.
But as the Journal implies, part of the problem is Meta’s historically frustrating and frequently dead-end customer service. Facebook and Instagram operate at a massive scale, making personalized help difficult to get. And for individual account holders, a hack or password problem can mean losing a major communication channel or even a commercial storefront. Meta has only recently made serious attempts to build out its help options, launching a live chat help service in late 2021 and establishing a customer service division in April of 2022.
Any internal tool can be abused, and sometimes, the end result appears to have helped hackers. But in at least some cases, that abuse seems driven by demand for a real service that Meta failed to provide — except to a chosen few.