Meta Exposed Employee Keystroke Data in Security Breach
Original: Meta Exposed Data Internally From Its Controversial Employee-Tracking Program
Why This Matters
Highlights privacy risks in AI training data collection and employee surveillance programs at major tech companies.
Meta left sensitive employee data accessible to all company staff, including keystrokes and screen content collected for AI training. The company is pausing the controversial tracking program indefinitely after the breach.
Meta experienced a significant internal security incident involving data collected from its employee-tracking initiative called the Model Capability Initiative, which began in April 2026. According to a security notice reviewed by WIRED and confirmed by three current employees, employee data across 45,000 database tables was exposed internally, including keystrokes, mouse clicks, screen content, full prompts, transcriptions, private conversations, and performance data from US-based workers. Meta spokesperson Tracy Clayton confirmed the investigation and announced the company is indefinitely pausing the data collection program. Chief Technology Officer Andrew Bosworth acknowledged the implementation fell short of privacy review standards, stating misconfigured access control lists (ACLs) caused the breach. "Here we had misconfigured ACLs and we need to understand how that happened, track down every data access and understand it," Bosworth wrote in an internal post. Employees had previously raised concerns about the tracking initiative when it launched. The incident was marked as closed, suggesting it was resolved. Bosworth had previously assured concerned employees that the program was "tightly controlled" and used the same protection standards as other sensitive datasets.