Facebook users in lawsuit say company failed to warn them of known risks before 2018 breach

Facebook users in lawsuit say company failed to warn them of known risks before 2018 breach
© Getty Images

Facebook users say in a new lawsuit that the company failed to properly disclose a data breach that affected tens of millions of accounts last year as well as problems with the social media site's sign-in feature, which reportedly led to the breach.

Reuters reported Friday that court filings in the U.S. District Court for the Northern District of California accuse Facebook officials of knowingly refusing to fix a data breach at the company for years, leading to the company's announcement last year that millions of users had information exposed to hackers.


“Facebook knew about the access token vulnerability and failed to fix it for years, despite that knowledge,” the court filings reportedly read.

“Even more egregiously, Facebook took steps to protect its own employees from the security risk, but not the vast majority of its users," the filings continue.

The lawsuit could seriously impact Facebook's business, as a judge in January reportedly said that he would authorize "bone-crushing" discovery in the case to determine exactly how many people were affected by the breach.

At the time, Facebook CEO Mark ZuckerbergMark ZuckerbergSenators to grill Instagram chief over platform's effect on children Rohingya refugees sue Facebook for 0B Hillicon Valley — Amazon draws COVID scrutiny MORE assured investors that the company was taking the breach "seriously."

"This is a real serious security issue and we’re taking it really seriously," he said last year. "It definitely is an issue that this happened in the first place."

A Facebook spokesperson defended the company's handling of the data breach in a statement to The Hill.

“We believe the case has no merit. We took immediate action to secure people's accounts when we discovered the security vulnerability that we announced in September of last year, and we came forward consistently to explain what we had learned," said the spokesperson.

Lawmakers said last year that the data breach indicated that it was time for Congress to step up and issue stronger regulations targeting tech companies and Americans' data security.

“Today’s disclosure is a reminder about the dangers posed when a small number of companies like Facebook or the credit bureau Equifax are able to accumulate so much personal data about individual Americans without adequate security measures," said Sen. Mark WarnerMark Robert WarnerHillicon Valley — Presented by Connected Commerce Council — Incident reporting language left out of package Language requiring companies to report cyberattacks left out of defense bill Democrats see Christmas goal slipping away MORE (D-Va.), referring to the Equifax credit bureau hack in 2017 that exposed about 145.5 million people.

“This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users," he added. "As I’ve said before — the era of the Wild West in social media is over."

Updated at 4:15 p.m.