A court filing on Thursday showed that some Facebook users are suing the social network over a 2018 data breach. The charge claims that Facebook, the largest social network failed to alert its users about a vulnerability in 2018, even though it protected its employees.
The vulnerability was tied to its single sign-on tool. This tool connects users to third-party apps on its platform via users’ credentials on Facebook.
The lawsuit is a combination of many legal actions against Facebook security breach in September which allowed hackers steal log in codes to access almost 29 million accounts. The plaintiffs queried in a redacted section of the filling in the US District Court in San Francisco that Facebook was well aware of the vulnerability before the havoc but chose to treat the issue like a walk in the park. “Even more egregiously, Facebook took steps to protect its own employees from security risk, but not the majority of is users,” the plaintiffs said.
Facebook is yet to respond to the lawsuit with a comment. The social network had revealed a few details initially when it disclosed the attack. It didn’t give an exact number of affected users, but admitted that the flaw it overlooked affected a “broad spectrum” of users.
The hackers stole profile details such as birth dates, employers, types of device used, location check-ins, religious preference and pages followed from 14 million users. For the other 15 million, the stolen information was restricted to names and contact details. The attackers also had access to contact list and groups of 400,000 users.
This is Facebook’s worst ever security breach.
Facebook did not deny its awareness about the flaw and neither did it deny protecting its employees or that probably it was an oversight. It only responded that the attackers did not have access to personal messages or financial data and could not have gained access to users’ accounts on other websites. This could have been very deadly.
Facebook has been popular on headlines concerning breaches. The social network is the most recent tech company to join other big techs involved in the audio recording saga. It also faces a fresh trouble with the British authority over inconsistencies with evidence and testimonies during the Cambridge Analytica scandal.