(Reuters) – Facebook (FB.O) users suing the world’s largest social media network over a 2018 data breach say it failed to warn them about risks tied to its single sign-on tool, even though it protected its employees, a court filing on Thursday showed.
Single sign-on connects users to third-party social apps and services using their Facebook credentials.
The lawsuit, which combined several legal actions, stems from Facebook Inc’s worst-ever security breach in September, when hackers stole login codes – or “access tokens” – that allowed them to access nearly 29 million accounts.
“Facebook knew about the access token vulnerability and failed to fix it for years, despite that knowledge,” the plaintiffs said in a heavily redacted section of the filing in the U.S. District Court for the Northern District of California in San Francisco.
“Even more egregiously, Facebook took steps to protect its own employees from the security risk, but not the vast majority of its users.”…
Source news reuters.com, click here to read the full news.