Saturday , October 1 2022

Facebook has filed a lawsuit for failing to alert users of a breach


Facebook users have sued the world's largest social network for data breaches in 2018, saying Facebook failed to warn them about the dangers of the Facebook sign-in tool, though it protects its employees.

Prosecutors say in the lawsuit that the social network was aware of the security risks that led to the hack in 2018, but did not warn their users about those risks.

The sign-in tool connects users to external social applications and services using Facebook login credentials.

The lawsuit, which combines several lawsuits, was based on the worst breach of Facebook security in September 2018, when hackers stole login or access tokens, allowing them access to nearly 29 million accounts.

"Facebook knows the security gaps in access tags and has failed to correct it for years, despite that knowledge, prosecutors at the U.S. District Court for the Northern District of California in San Francisco said." Facebook has taken steps to protect its employees from risks, "she said. Security, but didn't care for the majority of its users."

Facebook revealed little details of the initial disclosure of the attack, saying it had affected a wide range of users without dividing the numbers by country.

Attackers received profile information such as date of birth, work, education, religion, device types, follow-up pages, recent searches, and site checks for up to 14 million users, while the remaining 15 were restricted to name and contact information, Attackers can view posts, friends lists and groups for up to 400,000 users.

At the time, Facebook said they were not stealing personal messages or financial reports and could not access user accounts on other websites.

The case focuses on the risk of a tool that provides access to third-party applications and services, so that if a user's Facebook account is compromised, their other accounts may also be at risk.

According to court records, Facebook was aware of this risk, alerting its employees to a security issue using the sign-in tool without alerting users.

Source link