Meta exposed employee-tracking data: 45,000 hive tables

Meta left potentially sensitive information collected from employee laptops accessible to anyone inside the company, an internal security notice and employee accounts show. The notice said "employee data across 45,000 hive tables" had been exposed; documents viewed by reporters list items including "full prompts and transcriptions, private conversations, people and performance data." The data is believed to include keystrokes, mouseclicks and content displayed on the computer screens of Meta's US employees.

What happened and how much data was exposed?

An internal security notice sent Monday stated employee data across 45,000 hive tables was exposed inside the company, and those tables contained employee activity such as full prompts, transcriptions, private conversations, people and performance data. The tracking effort, run as part of the Model Capability Initiative, collected computer inputs that workers say include mouse movements, click locations and keystrokes as well as screen content.

Meta spokesperson Tracy Clayton said the company is investigating the security issue and that "we have carefully designed this program with privacy safeguards," adding, "we have no indication at this time that any data was improperly accessed by Meta employees." Internal posts and employee forum comments show staffers raised questions about how privacy reviews failed and whether everyone whose data was potentially exposed would be briefed on what went wrong.

What is the Model Capability Initiative and who protested it?

The Model Capability Initiative, rolled out to US employees in April, is a monitoring tool designed to gather computer interactions to train AI systems to use software the way humans do. Employees who opposed the effort pointed to privacy, security and liberty concerns; more than 1,600 Meta employees signed an internal petition warning the program presents "security and regulatory risks for Meta, including the potential for breaches and unauthorized disclosure."

Some employees described the program as invasive, saying having laptop screens scraped for training data without consent felt like an invasion of privacy. Meta executives have defended the work as necessary to teach models how to operate software, and in leaked audio Mark Zuckerberg said "AI models learn from watching really smart people do things," adding the company's staff are stronger examples than contractors for creating this data. After protests, Meta began offering limited exemptions that let some staffers briefly turn off monitoring for sensitive tasks.

Why it matters

The incident compounds an existing morale problem at Meta, where staff have contended with layoffs, reorganizations and a broad push into AI. In March the company created an Applied AI team and moved some 6,500 employees into new roles focused on improving AI models, a shift some workers described as producing menial, "soul-crushing" assignments. Andrew Bosworth, Meta's chief technology officer, acknowledged the tracking program's implementation "had fallen short of the standards outlined in its privacy review" and said findings from the incident would be shared. The combination of large-scale data collection from employee devices and an exposure of that data raises both internal-trust and regulatory risk for the company.

How have leaders and employees reacted?

Internal forums filled with criticism after the security notice, with some employees posting jokes and others demanding stronger safeguards or that the tracking stop entirely. One former employee who pushed back on the program called the lapse "a mess" and said leadership had failed to acknowledge the risks staff raised. Company statements emphasize an investigation; one corroborating internal account says Meta paused the Model Capability Initiative while it investigates, a step employees learned about before an internal announcement.

What to watch

Look for the outcome of Meta's internal investigation and the company's disclosure of findings that Bosworth promised to share. Two concrete signals will matter most: whether Meta confirms any improper access to the exposed tables, and whether it resumes, permanently alters or fully stops the Model Capability Initiative after its review.