Facebook rejects new allegation that it protected employees over users in 2018 breach
A class-action lawsuit over a 2018 breach of Facebook has another wrinkle: A new court filing reveals allegations that the social media company moved to protect its own employees from the exploited vulnerability while keeping users in the dark. Facebook called the allegation, made public Thursday, “absolutely false.” The plaintiffs’ claim centers on the company’s handling of a problem with the “access token” that lets people into their profiles without having to log in every time they visit Facebook. “Facebook knew about the access token vulnerability and failed to fix it for years, despite that knowledge,” says the court filing in the U.S. District Court for the Northern District of California. “Even more egregiously, Facebook took steps to protect its own employees from the security risk, but not the vast majority of its users.” A vulnerability in Facebook’s code allowed an attacker to steal the tokens. Facebook disclosed the breach last September, initially saying 50 million accounts were affected before […]
The post Facebook rejects new allegation that it protected employees over users in 2018 breach appeared first on CyberScoop.