Facebook Master Password Let Employees Access Your Account--'Crazed Stalker' Or Not

Here's How Easy It Was For Facebook Employees To Access Your Account--Messages And All

Facebook in its early days wasn't exactly Fort Knox, according to Facebook's fifty-first hire Katerine Losse: pretty much any employee could access the inner workings of your profile -- private messages and all -- with one master password that was given out to its hires.

That's just one of many anecdotes about life in the "Facebook frat house" that is coming to light thanks to Losse's tell-all book, The Boy Kings: A Journey Into the Heart of the Social Network. Her narrative about Facebook's early days and its company culture will be released June 26th by Free Press, an imprint of Simon and Schuster.

According to an excerpt published by the Wall Street Journal, Losse began working at the social networking company in 2005, only one year after Facebook had vacated its first home in a Harvard dorm room. The excerpt highlights just how loosey-goosey with information Facebook could be in the beginning, while also illustrating how much the site has morphed (and matured) in the eight years. Losse writes:

A Stanford grad introduced me and another newbie to the janky application through which users' emails to Facebook flowed. Once we learned how the software worked, he taught us, without batting an eye, the master password with which we could log in as any Facebook user and gain access to all messages and data. "You can't write it down," he said, and so we committed it to memory.

I briefly experienced stunned disbelief: They just hand over the password with no background check to make sure that I am not a crazed stalker?

Security measures would be implemented later that made it impossible for anyone to use the master password without authenticating themselves as an employee. And a year after that, the password would disappear entirely in favor of other, more secure forms of logging in to repair accounts. But at the beginning, there was only one password. For us, as administrators, everything on Facebook really was there for the seeing.

Losse's account of a "master password" is corroborated by an interview with an anonymous female Facebook employee published by The Rumpus in 2010. As TechCrunch notes in its summary of the interview,

There was a master password that granted Facebook employees access to any account, if they knew it. The interviewee describes a password that would allow a Facebook employee to view anyone’s profile simply by typing in their unique user ID and the password (the password itself was a variation on ‘Chuck Norris’). This password was used primarily for engineering purposes, but other employees could find it “if they knew where to look”. To use the password, you would have to be accessing Facebook from the company’s ISP (in other words, there was no risk of it leaking to the web at large). The employee says that this power has been abused on at least two occasions, explaining that she is aware of two relating firings.

Privacy issues have plagued Facebook since its inception, and in 2011 Facebook settled with the Federal Trade Commission over allegations it deceived customers by making -- and then breaking -- promises regarding the privacy of users' data.

But Facebook has made efforts to tread more carefully when it comes to safeguarding its members' personal information and, in addition to doing away with the master password (according to Losse's account), has rolled out a (sometimes baffling) number of personal privacy settings that let people hide sensitive information from strangers, stalkers or workplace superiors. Facebook outlined its security measures in an infographic released last October, and has repeatedly tried to simplify its privacy settings, as well as offer more granular controls.

Before You Go

The Winklevoss Twins

People Zuck Burned On His Way To The Top

Popular in the Community