(Reuters) – Facebook (FB.O) users suing the world’s largest social media network over a 2018 data breach say it failed to warn them about risks tied to its single sign-on tool, even though it protected its employees, a court filing on Thursday showed.
FILE PHOTO: A Facebook logo on an Ipad is reflected among source code on the LCD screen of a computer, in this photo illustration taken in Sarajevo June 18, 2014. REUTERS/Dado Ruvic/File Photo
Single sign-on connects users to third-party social apps and services using their Facebook credentials.
The lawsuit, which combined several legal actions, stems from Facebook Inc’s worst-ever security breach in September, when hackers stole login codes – or “access tokens” – that allowed them to access nearly 29 million accounts.
“Facebook knew about the access token vulnerability and failed to fix it for years, despite that knowledge,” the plaintiffs said in a heavily redacted section of the filing in the U.S. District Court for the Northern District of California in San Francisco….