Facebook has failed to block a lawsuit over a data breach that impacted around 30 million users in 2018. A Federal appeals court in San Francisco recently rejected the social media giant’s request to dismiss the court case, in which petitioners claim that Facebook has proven itself negligent in handling and securing users’ data. the Bloomberg reported.
The U.S. District Judge William Alsup, who’s presiding over the petition, has permitted the case to go forward. “From a policy standpoint, to hold that Facebook has no duty of care here would create perverse incentives for businesses who profit off the use of consumers personal data to turn a blind eye and ignore known security risks,” Alsup said in a statement.
The social media giant announced that its team has discovered a security breach that affected nearly 50 million users globally in September 2018, although the victims’ number later revised to over 30 million.
Facebook stated a security vulnerability existed in its basic ‘View As’ feature which was often used to show how the account looks like to the public. The vulnerability in the code and a combination of three bugs allowed the hackers to penetrate the accounts.
“It looks like when Facebook built the ‘View As’ feature, they did this by making it a modification of how Facebook would work if actually viewed by that other user,” said professional web app hacker and cybersecurity researcher Thomas Shadwell to Forbes. “Which of course means if there’s a mistake they might end up sending the impersonated user’s credentials to the user of the ‘View As’ feature.”
Recently, the Turkish government’s watchdog, Personal Data Protection Authority (KVKK), fined Facebook a total of 1.65 million Lire ($270,976.01) for failing to protect its users’ personal information.
The fine comes after Facebook reported a data breach in December 2018, that exposed 6.8 million users’ private photos to third-party application developers. The social networking giant stated that its internal team discovered a photo API bug that allowed third-party apps to access users’ photos for 12 days between September 13 to September 25, 2018.
The company declared that it has fixed the issue, but some third-party apps may have had access to a wider set of photographs which were uploaded/shared on the Facebook Stories. KVKK stated that the data breach affected around 300,000 users in Turkey last year and Facebook did not reacted in time with technical precautions regarding the issue.
