(Reuters) – Facebook ( FB.O ) users sued the world's largest social media network over a data breach in 2018, saying they failed to warn them of the risks associated with the only login tool, even although it protected its employees, a court filing showed on Thursday.
FILE PHOTO: A Facebook logo on an Ipad is reflected by the source code on the LCD of a computer, in this photograph taken in Sarajevo on June 18, 2014. REUTERS / Dado Ruvic / File Photo
Single sign-on connector users to third-party social apps and services using Facebook credentials.
The lawsuit, which combined several legal actions, stems from Facebook Inc's worst security breach ever in September, when hackers stole login credentials – or "access signs" – that allowed them to access nearly 29 million accounts.
"Facebook knew about the access token vulnerability and failed to fix it for years, despite that knowledge," said the plaintiffs in a heavily edited portion of the filing in the U.S. District Court for the Northern District of California in San Francisco.
"Facebook has taken even more serious steps to protect its own employees from the security risk, but not the vast majority of users."
Facebook did not immediately respond to a request for comment.
Judge William Alsup told Facebook in January that he was willing to allow "bone crushing" in the case to reveal how much user data was stolen.
Facebook has revealed few details since they first revealed the attack, saying only that it affected a "wide" range of users without distributing the numbers by country.
The attackers took profile information such as date of birth, employers, educational history, religious preference, types of devices used, pages followed, and recent searches and site check-in from 14 million users.
For the other 15 million users, the breach was limited to names and contact information. In addition, attackers could see posts and lists of friends and groups of around 400,000 users.
They did not steal personal messages or financial data and did not access user accounts on other websites, Facebook said.
Reporting by Katie Paul; Editing by Richard Chang