Meta Employee Keystroke Data Exposed in Internal Security Breach

Security Failure Exposes Worker Surveillance Data

Meta left sensitive information collected from employee laptops accessible to anyone inside the company, according to an internal security notice and three current employees who spoke with WIRED. The exposed data included keystrokes, mouse clicks, and screen content from Meta's US workforce—information gathered as part of a controversial AI training initiative.

The breach affected employee data across 45,000 internal databases, known as hive tables. According to documents reviewed by WIRED, the exposed information included full prompts and transcriptions, private conversations, and people and performance data. Meta spokesperson Tracy Clayton confirmed the company is investigating but stated there is "no indication at this time that any data was improperly accessed by Meta employees."

Why it matters

This incident validates the security risks that over 1,600 Meta employees warned about when they petitioned against the surveillance program last month. When companies collect granular employee activity data—even for legitimate AI training purposes—they create concentrated repositories of sensitive information that become high-value targets. The breach demonstrates how internal access controls can fail, potentially exposing everything from confidential business communications to personal information employees entered during work hours.

Tracking Program Sparked Internal Revolt

Meta began monitoring corporate laptops in April through its Model Capability Initiative, designed to train AI systems to use software like humans do. CEO Mark Zuckerberg defended the approach in a leaked company meeting, arguing that AI models learn from "watching really smart people do things" and that Meta employees have "significantly higher" intelligence than contractors who could be hired for similar data collection.

The program triggered immediate backlash. More than 1,600 employees signed an internal petition warning that "collecting this data introduces both security and regulatory risks for Meta, including the potential for breaches and unauthorized disclosure." One engineer wrote in a widely shared note that having their screen scraped without consent felt like an invasion of privacy and exploitation.

Company Response and Ongoing Tensions

In an internal post following the breach, Meta CTO Andrew Bosworth acknowledged that the tracking program's implementation "had fallen short of the standards outlined in its privacy review." The company has since offered more exemptions, allowing employees to temporarily disable surveillance for sensitive personal tasks like scheduling medical appointments. However, some workers continue demanding the program be stopped entirely.

The security incident compounds existing morale problems at Meta, where employees have faced years of mass layoffs, organizational upheaval, and an intense push into AI development. In March, the company moved 6,500 employees into new AI-focused roles, with some describing their reassigned work as menial and "soul-crushing."

Bosworth sent a separate memo last week apologizing for "atrocious" communication about the AI reorganization and promising improvements, including clearer updates and the return of some office perks.

Sources at Meta indicated the security incident has been marked as closed, suggesting it was resolved. The full details of the breach and its findings are expected to be shared with employees.

These details were first reported by WIRED.