Facebook Announces Data Breach Affecting 50 Million Accounts

Identity theft is a multi-billion dollar problem.  Although many companies have responded to this threat appropriately, some continue to risk the theft of sensitive personal information entrusted to them by consumers.  Unfortunately, Facebook — one of the world’s largest social networks — appears to have failed to adequately protect the sensitive information of nearly 50 million users.

Facebook recently announced via press release that “[o]n the afternoon of Tuesday, September 25, [2018,] our engineering team discovered a security issue affecting almost 50 million accounts” and “that attackers exploited a vulnerability in Facebook’s code” that “allowed them to steal access tokens which they could then use to take over people’s accounts.”  In its press release, the company said they “have yet to determine whether these accounts were misused or any information accessed” and that they “don’t know who’s behind these attacks or where they’re based.”  As reported by the New York Times, during a conference all subsequent to the press release, a vice president of product management at Facebook stated that “[t]he hackers also tried to harvest people’s private information, including name, sex and hometown, from Facebook’s systems” and that “[Facebook] could not determine the extent of the attackers’ access to third-party accounts.”

Data thieves intentionally hack into inadequately protected systems to steal personal information with the primary incentive of using that private data to commit identity theft and financial fraud.  Identity theft wreaks havoc on consumers’ finances, credit history, and reputation and can take time, money, and patience to resolve.  Identity thieves use stolen personal information for a variety of crimes, including credit card fraud, phone or utilities fraud, banking or finance fraud, government fraud, and medical identity theft.  Moreover, a person whose personal information has been compromised may not see the full extent of identity theft or fraud for years.

Disclosure of personal information is unlawful, and the attorneys at Finkelstein, Blankinship, Frei-Pearson & Garber, LLP have recovered millions of dollars on behalf of victims of such disclosures.  If you have been notified by Facebook that your data may have been exposed, please contact us immediately to discuss your legal options.