What I don't get is how this slipped past their attorney without him realizing it actually constitutes a violation of the Computer Fraud and Abuse Act.
Follow along with me carefully here...
The TOS of most of these sites only allows the individual to use their account for their own uses, and generally explicitly forbids sharing the account with anyone for any reason (barring the strange convolutions of minor-guardian relationships). Doesn't matter what Bozeman puts on the form--it doesn't and can't change the existing agreement between the user and the social networking site.
Violating the TOS basically invalidates the account, meaning it's very much not okay for someone other than the actual account owner to use it.
That's absolutely using a set of authentication credentials to exceed ones access knowingly, because it doesn't matter *what* the girl from HR was doing in that Facebook account--it's not their account, the owner can't legally give it to them, and Facebook expressly prohibits anyone other than the account owner from using it. This is rather explicitly illegal and has been for oh, about twenty years now.
"A car is just a big purse on wheels." -- Johanna Reynolds