Hack worse than first thought
Facebook could face the largest class action lawsuit ever launched after the personal information of up to 90m users of the social networking site was left exposed to hackers.
A class action complaint has already been filed against the company in America over the hack which has affected its chief executive, Mark Zuckerberg, its chief operating officer, Sheryl Sandberg, and its European vicepresident, Nicola Mendelsohn.
The hack has turned out to be more severe than was first thought, with concerns that the attackers were able to access not only the accounts of affected users but also other apps that use Facebook for their sign-in functions.
This would include the dating app Tinder, the holiday rental app Airbnb and the streaming service Spotify.
Facebook does not yet have evidence that the attackers accessed third-party apps, however, and is still investigating.
The US giant revealed on Saturday that 50 million people who have used the site’s ‘‘view as’’ feature – which enables them to see what their profiles look like to other users – had been attacked, while a further 40 million who have interacted with the feature were also vulnerable.
Facebook yesterday faced calls from British MPs to allow regulators in to investigate the breach. Damian Collins, chairman of the Commons digital, culture, media and sport committee, said there was ‘‘a lack of trust’’ in the US giant.
‘‘The information commissioner and other international bodies should be allowed into Facebook to see how it is music handling data,’’ Collins said.
‘‘Currently all this investigatory work is done internally at Facebook – there’s no outside scrutiny – and we don’t know when they knew or what other accounts were compromised.
‘‘There’s a lack of trust here because Facebook tends to give away the minimum informationat at every turn – that’s why we need independent scrutiny.’’
Collins also renewed his calls for Zuckerberg to appear before MPs for a grilling over the company’s handling of data. ‘‘Zuckerberg is the one, by his own admission, who knows what is going on at Facebook; we need him to explain how vulnerable users’ data is,’’ Collins said.
‘‘If [Zuckerberg] ever enters the UK we will issue a summons for him to appear. This is about the vulnerability of Facebook and how it operates. Facebook holds an enormous amount of data and it’s not safe.’’
The attackers were able to dupe Facebook into issuing digital keys, or ‘‘access tokens’’, to allow them into users’ accounts. Facebook spotted unusual activity this month and realised on Wednesday that it had been hacked, when it claimed to have revoked these access tokens. But this security hole had been open for more than a year.
It emerged yesterday that YouTube, which is owned by Google, hosts videos showing users how to hijack Facebook accounts, using a similar method to that employed by these hackers.
Hours after the hack was revealed, a class action complaint was filed against Facebook by plaintiffs named as Carla Echavarria of California and Derrick Walker of Virginia.
– The Times
‘‘Zuckerberg is the one, by his own admission, who knows what is going on at Facebook; we need him to explain how vulnerable users’ data is.’’ Damian Collins, chairman of the Commons digital, culture, media and sport committee