Facebook failed to warn users of known risks before 2018 breach: court filing
The lawsuit, which blended several prison actions, stems from Facebook Inc’s worst-ever protection breach in September, when hackers stole login codes – or “access tokens” – that allowed them to get admission to nearly 29 million accounts
Facebook users suing the world’s greatest social media community over a 2018 records breach say it failed to warn them about dangers tied to its single sign-on tool, even although it included its employees, a court filing on Thursday showed.
Single sign-on connects customers to third-party social apps and services using their Facebook credentials.
The lawsuit, which combined a number of felony actions, stems from Facebook Inc’s worst-ever security breach in September, when hackers stole login codes – or “access tokens” – that allowed them to get entry to nearly 29 million accounts.
“Facebook knew about the get entry to token vulnerability and failed to repair it for years, in spite of that knowledge,” the plaintiffs stated in a heavily redacted part of the filing in the U.S. District Court for the Northern District of California in San Francisco.
“Even more egregiously, Facebook took steps to protect its very own personnel from the security risk, however no longer the vast majority of its users.”
Facebook did now not right away respond to a request for comment.
Judge William Alsup told Facebook in January he was willing to permit “bone-crushing discovery” in the case to uncover how much consumer data was stolen.
Facebook has printed few details due to the fact firstly disclosing the attack, saying solely that it affected a “broad” spectrum of customers barring breaking down the numbers by using country.
The attackers took profile details such as start dates, employers, education history, religious preference, kinds of units used, pages observed and current searches and location check-ins from 14 million users.
For the other 15 million users, the breach was restricted to title and contact details. In addition, attackers could see the posts and lists of buddies and groups of about 400,000 users.
They did not steal private messages or economic information and did now not access users’ accounts on other websites, Facebook said.
