Facebook Lawsuit After Hack Of 29 Million Users

Facebook is facing legal action in the United States after a breach in September 2018, when hackers were able to steal data from 29 million accounts.

Facebook initially thought that the hackers had accessed 50 million accounts, but after an investigation the company revised this figure down to 29 million accounts.

The hackers were able to access a range of data depending on what people had on their profiles, but it included names and contact details (phone number, email, etc.), and in some cases username; gender; locale/language; relationship status; religion; hometown; self-reported current city; birthdate; device types used to access Facebook; education; work; the last 10 places they checked into or were tagged in; website, people or Pages they follow; and the 15 most recent searches.

Facebook lawsuit

So pretty sensitive data then.

The lawsuit was filed in the US District Court for the Northern District of California in San Francisco, and according to Reuters, parts of the filing were heavily redacted.

What the filing did allege, however, is that the social network failed to warn customers about risks tied to its single sign-on tool, even though it protected its own staff. Single sign-on connects users to third-party social apps and services using their Facebook credentials.

It is understood that the lawsuit combined several legal actions, but all concern Facebook’s worst-ever security breach last September, when hackers stole login codes – or “access tokens” – that allowed them to access nearly 29 million accounts.

“Facebook knew about the access token vulnerability and failed to fix it for years, despite that knowledge,” the plaintiffs reportedly said.

“Even more egregiously, Facebook took steps to protect its own employees from the security risk, but not the vast majority of its users.”

Facebook did not respond to a request for comment.

GDPR fine?

It is not clear how many of those hacked are in Europe, but the data breach does raise the nightmare possibility for Facebook’s management of a General Data Protection Regulation (GDPR) fine in Europe.

The Irish Data Protection Commission, which is acting as the lead investigator on this side of the pond as Facebook has its European headquarters in Ireland, is investigating the breach.

Similar investigations are also reportedly underway in the US states of Connecticut and New York.

In Europe, the hack could result in Facebook being issued with a fine of up to $1.63bn (£1.25bn), which is approximately 4 percent of its annual global revenue.

Tom Jowitt @TJowitt
