A Facebook logo on an Ipad is reflected among source code on the LCD screen of a computer, in this photo illustration taken in Sarajevo June 18, 2014.
PHOTO: REUTERS
Single sign-on connects users to third-party social apps and services using their Facebook credentials.
The lawsuit, which combined several legal actions, stems from Facebook’s worst-ever security breach in September, when hackers stole login codes - or “access tokens” - that allowed them to access nearly 29 million accounts.
US lawmakers take jabs at Amazon, Big Tech in antitrust hearing
“Facebook knew about the access token vulnerability and failed to fix it for years, despite that knowledge,” the plaintiffs said in a heavily redacted section of the filing in the US District Court for the Northern District of California in San Francisco.
“Even more egregiously, Facebook took steps to protect its own employees from the security risk, but not the vast majority of its users.”
Facebook did not immediately respond to a request for comment.
Judge William Alsup told Facebook in January he was willing to allow “bone-crushing discovery” in the case to uncover how much user data was stolen.
US lawmakers challenge Facebook over Libra cryptocurrency plan
Facebook has revealed few details since initially disclosing the attack, saying only that it affected a “broad” spectrum of users without breaking down the numbers by country.
The attackers took profile details such as birth dates, employers, education history, religious preference, types of devices used, pages followed and recent searches and location check-ins from 14 million users.
For the other 15 million users, the breach was restricted to name and contact details. In addition, attackers could see the posts and lists of friends and groups of about 400,000 users.
They did not steal personal messages or financial data and did not access users’ accounts on other websites, Facebook said.
1725877703-0/Tribune-Pic-(5)1725877703-0-165x106.webp "article")
1727160662-0/Google-(2)1727160662-0-270x192.webp "us pushes to break up google calls for chrome sell off in major antitrust move")
1732085354-0/insta-(1)1732085354-0-270x192.webp "instagram now lets you reset your entire feed here s how")
COMMENTS
Comments are moderated and generally will be posted if they are on-topic and not abusive.
For more information, please see our Comments FAQ