Hackers were able to exploit a vulnerability in Facebook’s “View As” feature and gain access tokens for 30 million accounts. In response to their data been accessed, several users started class-actions against the company in San Francisco. The members say the breach was possible because the company did not have adequate security. “This case involves the continuing and absolute disregard with which Defendant Facebook, has chosen to treat the PII of account holders who utilize Facebook’s social media platform,” according to the initial complaint. “While this information was supposed to be protected, Facebook, without authorization, exposed that information to third parties through lax and non- existent data safety and security policies and protocols,” says the original lawsuit. Facebook has been attempting to shutter the case since March. However, U.S. district judge William Alsup believes the company should be held accountable. He says the case against Facebook for negligence will move forward. “From a policy standpoint, to hold that Facebook has no duty of care here ‘would create perverse incentives for businesses who profit off the use of consumers’ personal data to turn a blind eye and ignore known security risks,” Alsup wrote.

Breach

Facebook disclosed the breach itself. The View As feature allows users to see what their profile looks like if being viewed from another account. It is in place to help users see if their privacy settings are working as they should be. While the company failed to prevent the court action proceeding, Alsup did dismiss some of the claims against the network. Among them was the allegation Facebook breached its contract with users under California data protection laws. “We’re pleased that the court dismissed several claims and we look forward to continuing our defense of the remaining claims,” a Facebook spokesperson told Threatpost.

Facebook Fails to Have Data Breach Lawsuit Dismissed - 13Facebook Fails to Have Data Breach Lawsuit Dismissed - 60Facebook Fails to Have Data Breach Lawsuit Dismissed - 96Facebook Fails to Have Data Breach Lawsuit Dismissed - 67Facebook Fails to Have Data Breach Lawsuit Dismissed - 29