Katherine Losse was employee 51 at Facebook. She rose from a position as an early customer service rep to become ghostwriter on Zuckerberg’s blog. Disenchanted with amount of information gathered on users, and also the influence Facebook has on personal communication, Losse left Facebook and wrote a book, “The Boy Kings: A Journey Into the Heart of the Social Network.”
A Washington Post article by Craig Timberg, recounts an early Losse experience at Facebook:
In her first days, she was given a master password that she said allowed her to see any information users typed into their Facebook pages. She could go into pages to fix technical problems and police content. Losse recounted sparring with a user who created a succession of pages devoted to anti-gay messages and imagery. In one exchange, she noticed the man’s password, “Ilovejason,” and was startled by the painful irony.
This report of a master password matches what was reported in a anonymous interview in 2010. A master password (which was “chuck norris”) has been replaced with a tool where you must supply a reason for access.
More worrisome is the ability of a CSR (more abuse staff, but CSR is the title used) to access the plaintext password of a Facebook user. Facebook founder Mark Zuckerberg was accused of using Facebook account username and passwords to log into the Harvard email accounts of rivals. Passwords were cleartext in 2005 according to Losse. I wonder when/if they began to store passwords securely.