HomeWinBuzzer NewsFacebook Lawsuit Says It Failed to Warn Users of a Known Security...

Facebook Lawsuit Says It Failed to Warn Users of a Known Security Vulnerability

A court filing accuses Facebook of failing to disclose an access token to its users, despite taking steps to protect its employees. The resulting breach affected up to 29 million people.


A lawsuit against accuses the company of failing to inform users about a security flaw, despite taking steps to protect its employees. The vulnerability in question involves its single sign-on, a tool to connect users so third-party apps using their Facebook account.

The flaw led to a large-scale data breach, with stealing access tokens that allowed sign on to almost 29 million accounts.

“Facebook knew about the access token vulnerability and failed to fix it for years, despite that knowledge,” suggests the heavily redacted court filing. “Even more egregiously, Facebook took steps to protect its own employees from the security risk, but not the vast majority of its users.”

Facebook's Biggest Breach

14 million of the affected users had their profile details, like education history, devices used, recent searches, and more used. A further 14 million had their names and contact details leaked.

The breach occurred in September and is Facebook's worst to date. The company has been attempting to prevent San Fransico legal action moving forward but was shut down by the court. The current lawsuit combines several legal actions.

At the time Facebook's request was denied, U.S. district judge William Alsup said he believes the company should be held accountable.

“From a policy standpoint, to hold that Facebook has no duty of care here ‘would create perverse incentives for businesses who profit off the use of consumers' personal data to turn a blind eye and ignore known security risks,” he said.

Though the giant disclosed estimates of affected users, it did provide a per-country breakdown or other useful information.

Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News