By Jenna Connors
In September 2018, over 29 million people received a notification from Facebook officials informing them of a “security issue.” Experienced hackers had been using the “View As” feature, which allows users to see what your profile looks like to other users, to access these profiles. They now had access to personal information of these users, such as emails, telephone numbers, hometown, birthdate, and other location settings such as checked-in places. Consequently, attorneys in the Northern District of California filed a class action lawsuit against Facebook alleging a flaw in Facebook’s code and grossly inadequate security measures that exposed those users to possible identity theft.
Hacks such as this happen on multiple social media outlets, such as Instagram, exposing millions of others to identity theft and extreme frustration. For example, in August 2018 thousands of Instagram users were locked out of accounts by Russian email accounts that changed all identifying information so these users had no recourse. Users could not even reset their passwords and had serious trouble getting in touch with Instagram officials to regain access to their accounts.
A key issue in all of these social media hacks lies in how to hold these sites accountable. Based on information from Instagram’s August hack, it seems that it was extremely difficult to even get ahold of a person at Instagram who could help users regain access. Their only remedy was through Instagram’s Help Center; there is no 1-800 number to call to expedite the process to protect users’ information quickly. Facebook bought out Instagram in 2012 so the process to contact Facebook officials is likely similar and just as frustrating. Additionally, it is unclear as to whether getting access to a person’s personal information is the same thing as identity theft. Users may only have a cause of action if they were affected by this hack, for example, if their information was used to open credit cards or access other financial information. After all, to prove negligence damages must also be proven.
The court could possibly find that Facebook was not negligent through its security features since there is probably no foolproof way to prevent hacks. Regardless, this lawsuit could set precedent for social media officials to strengthen security features. As we progress through the 21st century, many more types of social media outlets will be created and users deserve to know that they can use these sites without worrying about severe repercussions or being exposed to identity theft.
Student Bio: Jenna Connors is currently a third-year student at Suffolk University Law School and a Content Editor on The Journal of High Technology Law interested in criminal defense. She holds a B.A. in political science from Assumption College.
Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.