Facebook was repeatedly warned of security flaw that led to biggest data breach in its history

The breach, which involved stealing digital "access tokens" used by Facebook to verify users' identity without needing their passwords, exposed the names, phone numbers and email addresses of 29 million people and a host of more intimate data for 14 million of them, putting users around the world at risk of identity theft.

Yet according to internal documents, released as part of a lawsuit against the company, Facebook had repeatedly failed to adequately address concerns raised as early as December 2017 by its own engineers, who feared that access tokens would be "easy" for criminals to exploit. 

After the breach, which was the largest in Facebook's history and affected three million people in the European Union, employees lamented that technical changes that could have stopped it from happening were never completed, with one alleging that the warnings were "almost all ignored".