Facebook Lawsuit After Hack Of 29 Million Users

Facebook is facing legal action in the United States after a breach in September 2018, when hackers were able to steal data from 29 million accounts.

Facebook initially thought that the hackers had accessed 50 million accounts, but after an investigation the company revised this figure down to 29 million accounts.

The hackers were able to access a range of data depending on what people had on their profiles. It included names and contact details (phone number, email, etc.), and in some cases username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.

So pretty sensitive data then.

The lawsuit was filed in the US District Court for the Northern District of California in San Francisco, and according to Reuters, parts of the filing were heavily redacted.

What the filing did allege, however, is that the social network failed to warn customers about risks tied to its single sign-on tool, even though it protected its own staff. Single sign-on connects users to third-party social apps and services using their Facebook credentials.

It is understood that the lawsuit combined several legal actions, but all concern Facebook’s worst-ever security breach last September, when hackers stole login codes – or “access tokens” – that allowed them to access nearly 29 million accounts.

“Facebook knew about the access token vulnerability and failed to fix it for years, despite that knowledge,” the plaintiffs reportedly said.

“Even more egregiously, Facebook took steps to protect its own employees from the security risk, but not the vast majority of its users.”

Facebook did not respond to a request for comment.

GDPR fine?

It is not clear how many of those hacked are in Europe, but the data breach does raise the nightmare possibility for Facebook’s management of a General Data Protection Regulation (GDPR) fine in Europe.

The Irish Data Protection Commission, which is acting as the lead investigator on this side of the pond as Facebook has its European headquarters in Ireland, is investigating the breach.

Similar investigations are also reportedly underway in the US states of Connecticut and New York.

In Europe, the hack could result in Facebook being issued with a maximum fine of up to $1.63bn (£1.25bn), which is approximately 4 percent of its annual global revenue.

Tom Jowitt
