Facebook Had a Master Password Its Early Employees Could Use to Log In as Any User
This interesting nugget in a Wall Street Journal article today, called “The Woman in the Facebook Frat House”:
Once we learned how the software worked, he taught us, without batting an eye, the master password with which we could log in as any Facebook user and gain access to all messages and data. “You can’t write it down,” he said, and so we committed it to memory.
I briefly experienced stunned disbelief: They just hand over the password with no background check to make sure that I am not a crazed stalker?
Security measures would be implemented later that made it impossible for anyone to use the master password without authenticating themselves as an employee. And a year after that, the password would disappear entirely in favor of other, more secure forms of logging in to repair accounts. But at the beginning, there was only one password. For us, as administrators, everything on Facebook really was there for the seeing.
I’m told this is normal and was also true at Twitter.
How many early Facebook users were aware Mark Zuckerberg and any Facebook employee could easily log into their account on a whim?
The WSJ article is an excerpt from a new book by Katherine Losse, who joined Facebook in 2005 as an early member of its customer-relations staff.
Source: The Wall Street Journal
