Facebook Hit with Class-Action Lawsuit Following User Data Misuse

Today’s topics include Facebook dealing with a class-action lawsuit following user data theft and a warning from Flashpoint that fraudsters are using HTTP injectors to steal internet access.

Facebook has been hit with a class-action lawsuit for ostensibly not providing adequate security for its users’ personal information.

The Hagens Berman law firm filed the class-action lawsuit against Facebook in San Jose, Calif., on April 9, accusing the social media giant of “unjust enrichment and violation of privacy and consumer-protection laws when it permitted app developers and other third parties to exploit its lax to non-existent enforcement practices.”

The lawsuit, filed in the U.S. District for the Northern District of California, seeks to represent a class of the estimated 70 million U.S. Facebook users whose data was harvested in 2014 through the voluntary user quiz “thisismydigitallife” and made available to third-party companies who purchased the Facebook user data to influence voting in U.S. elections.

Security firm Flashpoint is warning of an emerging attack pattern where fraudsters are using a technique known as HTTP injectors to steal internet access. Analysts at Flashpoint reported Monday that they have noticed an increase in fraudster conversations about HTTP injectors, which can be used to modify the HTTP headers sent on network requests to enable unauthorized internet access.

“Cyber-criminals use HTTP injectors to obtain free access to mobile internet,” Flashpoint analyst Olivia Rowley told eWEEK. “They may also be used to circumvent regional blocks.”  

For the attack that Flashpoint is tracking, most of the individuals appear to be low-level cyber-criminals or individuals hoping to get free internet in a fraudulent manner. The activity to date has been concentrated in South America, including Brazil and Colombia.