Facebook has been accused of failing to inform users that they were at risk of their data being stolen following a significant data breach last year.
The social media giant gave users insufficient warning that their Facebook accounts could be compromised due to security errors in the login system.
Facebook is being sued in the US after last year's attack, leaving about 29 million user accounts open to hackers.
- The best internet security suites from 2019
- Facebook hit with £ 500k fine after Cambridge Analytica scandal
- At least 1.5% of online passwords have been compromised, Google says
Facebook security risk
The accusation came as part of an ongoing lawsuit filed by a group of Facebook users after the September 2018 infringement. Hackers were able to access millions of Facebook accounts after stealing ' access tokens ' which were used to log in users who connected via third-party apps and services.
Users would log into the site through these services using their Facebook login credentials, meaning gaining control over the tokens would give attackers access to full accounts.
"Facebook was aware of the vulnerability of the access token and, despite that knowledge, was unable to remedy it for years," said the court that filed a complaint with the US court for the Northern District of California in San Francisco.
"Even more seriously, Facebook has taken steps to protect its own employees from the security risk, but not the vast majority of its users."
Of those affected, around 14 million saw profile details such as birth dates, employers, educational history, religious preferences, device types used, pages followed and recent searches and stolen location check-ins.
Names and contact details became visible to the other 15 million users, with around 400,000 others having their messages and lists of friends and groups open.
Facebook still has to respond to the submission, but is still asking more questions about its security systems.
The Facebook company was fined $ 5 billion by the US Federal Trade Commission (FTC) last month to resolve privacy issues about the Cambridge Analytica data-stealing scandal.
- The best VPN service from 2019