Facebook Lawsuit After Hack Of 29 Million Users

Facebook is facing legal action in the United States after a breach in September 2018, when hackers were able to steal data from 29 million accounts.

Facebook initially thought that the hackers had accessed 50 million accounts, but after an investigation the company revised this figure down to 29 million accounts.

The hackers were able to access a range of data depending on what people had on their profiles, but it included names, contact details (phone number, email etc); and in some cases username; gender; locale/language; relationship status; religion; hometown; self-reported current city; birthdate; device types used to access Facebook; education; work; the last 10 places they checked into or were tagged in; website, people or Pages they follow; and the 15 most recent searches

Facebook lawsuit

So pretty sensitive data then.

The lawsuit was in the US District Court for the Northern District of California in San Francisco, and according to Reuters, parts of the filing were heavily redacted.

What the filing did allege however is that the social network failed to warn customers about risks tied to its single sign-on tool, even though it protected its own staff. Single sign-on connects users to third-party social apps and services using their Facebook credentials.

It is understood that the lawsuit combined several legal actions, but all concern Facebook’s worst-ever security breach last September, when hackers stole login codes – or “access tokens” – that allowed them to access nearly 29 million accounts.

“Facebook knew about the access token vulnerability and failed to fix it for years, despite that knowledge,” the plaintiffs reportedly said.

“Even more egregiously, Facebook took steps to protect its own employees from the security risk, but not the vast majority of its users.”

Facebook did not respond to a request for comment.

GDPR fine?

It is not clear how many of those hacked are in Europe, but the data breach does raise the nightmare possibility for Facebook’s management of a General Data Protection Regulation (GDPR) fine in Europe.

The Irish Data Protection Commission, which is acting as the lead investigator on this side of the pond as Facebook has its European headquarters in Ireland, is investigating the breach.

Similar investigations are also reportedly underway in the US states of Connecticut and New York.

In Europe, the hack could result in Facebook being issued with a maximum fine of up to $1.63bn (£1.25bn), which is approximately 4 percent of its annual global revenue.

Quiz: Think you know all about Facebook?

Tom Jowitt @TJowitt

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Recent Posts

Google Completes Integration of DeepMind Health

NHS Trusts agree to allow Google to process NHS data, as DeepMind Health completes integration

13 hours ago

Microsoft President Calls For US To End Huawei Ban

US national security will not be impacted if Huawei is able to use Microsoft's OS and software, says Brad Smith

15 hours ago

Buying Huawei: A wolf in sheep’s clothing?

With news that Huawei Technologies’ founder and chief executive Ren Zhengfei, has offered to sell their 5G technology to a…

15 hours ago

AI Powered Mei Messaging App Arrives On iOS

Crush Analyser. Messaging app that includes an AI assistant to improve personal relationships, arrives on iOS

15 hours ago

SpaceX Plans 24 Starlink Launches Next Year

SpaceX executive confirms low earth orbit-based broadband project will see 24 Starlink launches in 2020

16 hours ago

Apple To Use Recycled Rare Earth Elements In iPhones

Good for the planet and good for the trade war. Apple agrees deal to reuse recycled rare earth elements

19 hours ago