Nearly two months after Meta told its US workforce that tracking software would start logging their every click and keystroke, the company has hit pause. The reason isn’t a change of heart over privacy. It’s a leak. According to WIRED, Meta left sensitive data gathered from employee laptops sitting open to anyone inside the company, exposing keystrokes, mouse clicks, and screenshots of what was on workers’ screens. Meta is now investigating, and the timing couldn’t be more awkward for a program staff had warned about from day one.The data came from the Model Capability Initiative, or MCI, a tool Meta rolled out in April to US employees and contractors. It captures mouse movements, click locations, keystrokes, and periodic screen grabs, all fed into training the company’s AI models. Meta’s pitch was that its agents needed real examples of how humans actually use computers, from picking dropdown menus to firing off keyboard shortcuts. Workers saw it differently, and the leak has handed them an uncomfortable “we told you so.“
Meta data leak exposed 45,000 tables of employee activity
The exposure was significant. An internal security notice seen by WIRED said employee data across 45,000 hive tables had been left accessible companywide. That included full prompts and transcriptions, private conversations, and people and performance data. Business Insider, which obtained screenshots of the incident, reported it was classified internally as a SEV 2, the second-most-severe rating on Meta’s five-point scale.Meta spokesperson Tracy Clayton confirmed the company is investigating. “We have carefully designed this program with privacy safeguards,” Clayton said, adding that there’s no indication so far that any data was improperly accessed by employees. The incident was first flagged Monday in an internal security notice, and sources told WIRED it has since been marked closed, suggesting it was resolved. CTO Andrew Bosworth told staff the program’s rollout had fallen short of its own privacy review.
Meta employee tracking faced 1,600-worker petition before the breach
None of this surprised Meta employees. More than 1,600 of them signed an internal petition last month warning that collecting the data created security and regulatory risks, including the exact kind of breach that just happened. When MCI launched, there was no way to opt out. After weeks of pushback, Meta softened slightly, letting workers pause tracking for up to 30 minutes to handle personal tasks and offering limited exemptions to remote staff and those handling sensitive material.Mark Zuckerberg defended the effort directly. In leaked audio from a company meeting, the CEO said AI models learn best by “watching really smart people do things,” arguing Meta’s employees were sharper than contractors it could hire for the job. That framing didn’t land well with a workforce already rattled by roughly 8,000 layoffs and a turbulent reshuffle into AI-focused roles.
Meta MCI program is paused, but the AI push isn’t going away
For now, MCI is on hold. Meta told WIRED about the pause before informing its own employees, a sequencing that says plenty about the company’s morale crisis. Bosworth recently apologized to staff for the “atrocious” communication around Meta’s AI reorganization, promising clearer messaging and the return of some office perks.The bigger question is whether the program returns at all, and in what form. Meta has shown no sign of abandoning its broader push to automate work, even as it asks employees to help train the tools many fear will replace them.
