#privacy: Facebook could have done more to inform data breach victims of risks


Victims of the data breach that hit Facebook in 2018 were not given enough warning about the risks of having their data stolen, a court has heard.

At the end of the summer last year, news broke of how the personal details of millions of account holders had been exposed through the social network.

Hackers managed to obtain “access tokens” – a security function that allows users to remain logged in to their accounts across sessions without having to re-enter their login credentials each time.

Now lawyers have said that those affected were not given enough details regarding the potential for their confidential information to be compromised through security flaws in the Facebook sign-on system.

Mark Zuckerberg’s firm is currently being sued in the States, following the data breach which left around 30 million user accounts vulnerable to hacking.

The allegations have come within a continuing court case opened by a union of Facebook account holders, the members of which came together after the incident in September 2018.

At the US District Court for the Northern District of California in San Francisco, a court filing read:

“Facebook knew about the access token vulnerability and failed to fix it for years, despite that knowledge. Even more egregiously, Facebook took steps to protect its own employees from the security risk, but not the vast majority of its users.”

Among the personal data stolen from around 14 million of the intrusion’s victims were birth dates, employment histories, religious persuasion, smart devices owned, liked pages, location information and search histories.

A further 15 million victims had names and contact details stolen, while another 400,000 had their Facebook posts, lists of friends and groups’ names exposed.

Facebook has not given any response to the ruling yet, and awaits further questioning over the strength of its cyber-security.

In July of this year, Facebook was hit with a record-breaking $5bn fine by the US Federal Trade Commission (FTC) following its part in the Cambridge Analytica scandal.

