That's pretty horrendous that a recruiter would mention that to you. I'd heard initially there was a master password for fixing things before they had a proper login/auditing setup for account access.
Didn't think people would actually be logging into accounts on a whim to check out users.
It wasn't that they could log into any account they wanted (that would be much worse); it was that they could view any profile page they wanted, so it was essentially like an employee could become "friends" with a user, without the user knowing, and without the user's consent.
Didn't think people would actually be logging into accounts on a whim to check out users.