Facebook woke up to another federal lawsuit on Thursday -- the fourth filed against the company so far this month. This go-around, a group of the social media platform’s users say the company neglected to inform its flock about a data breach and the potential risks of its single sign-on tool, the entry point for the hackers behind that breach.
Adding even more egg to the company’s face, Reuters reports that the lawsuit claims that Facebook protected its employees from the same hazard.
In a nutshell, hackers ran off with access tokens -- digital keys that keep users logged in to Facebook so they don't have to repeatedly log in -- that gave them access to Facebook users’ accounts. Originally, the estimated number of users taking a hit was 50 million. Facebook then rolled that back to 30 million.
“Facebook knew about the access token vulnerability and failed to fix it for years, despite that knowledge,” the plaintiffs said in the filing with the U.S. District Court for the Northern District of California.
The lowdown of who, what, and how many
There are two tiers to this hack. In one that covered 14 million users, the hackers ran off with personal profile details that included birth dates, employers, education history, religious preference, types of devices used, pages followed, and recent searches and location check-ins.
For 15 million other users, the breach was limited to just name and contact details. And for the remaining half-million or so, the hackers could spy on posts and lists of friends and groups that the user was connected to. According to Facebook, the cyber thieves did not steal personal messages or financial data and did not access users’ accounts on other websites.