Hours after Facebook revealed that 50 million of its users were ‘directly affected’ by a security breach, two users announced their intent to initiate a class-action lawsuit.
Filed by lead plaintiffs Carla Echavarria and Derrick Walker in the U.S. District Court for the Northern District of California, the suit endeavors to include anyone whose “names, email address, recovery email accounts, telephone numbers, birthdates, passwords, and security answers” were exposed.
The complaint follows months of bad press for the social media behemoth, which has long been taken to task for its protection of user information and consumer data.
The suit suggests that Echavarria and Walker believe last week is symptomatic of larger faults within Facebook’s corporate culture and systems structure.
“This case involves the continuing and absolute disregard with which Defendant Facebook has chosen to treat the PII of account holders who utilize Facebook’s social media platform,” says the suit.
“While this information was supposed to be protected, Facebook, without authorization, exposed that information to third parties through lax and non-existent data safety and security policies and protocols.”
Echavarria and Walker say the coding flaw which led to the breach is indicative of Facebook’s “grossly inadequate” security measures.
Facebook has said the breach was related to its ‘View As’ feature. The eponymous button allows users to see their accounts from the perspective of the public or selected friends. ‘View As’ was primarily touted as a privacy management function, intended to optimize content sharing control.
Since news of the breach broke, Facebook has temporarily disabled the ‘View As’ function.
Another intrusion was purportedly engineered through misuse of a video uploading function. That exploit gave hackers access to users’ private messages and posts, both on Facebook and affiliated websites like Instagram and Etsy.
An investigation into the attack hasn’t yet led to the identities or origin of the hackers.
“We’re talking it really serious,” Mark Zuckerberg, Facebook’s chief executive, said in a statement. “We have a major security effort at the company that hardens all of our surfaces.
“I’m glad we found this,” he added. “But it is definitely an issue that this happened in the first place.”
By being negligent, the plaintiffs say Facebook’s made its users more susceptible to identity theft. More specifically, reports Forbes.com, the breach “allowed hackers and other nefarious users to take over user accounts and siphon off Personal Information for unsavory and illegal purposes.”
The suit seeks to represent “all persons who registered for Facebook accounts in the United States and whose PII was accessed, compromised, or stolen from Facebook in the September 2018 Data Breach.”
A class-action lawsuit has also been proposed in Canada. That filing, led by Toronto law firm Charney Lawyers PC, has yet to be certified.
Facebook says that it appears none of the hacked accounts were ‘misused.’