Selena Gomez and Justin Bieber

Gareth Crosskey, 21, a UK citizen was jailed for 1 year for “hacking” Selena Gomez’s Facebook account.  The FBI got involved and traced the “hack” back to the UK. According to the Police Central e-Crime Unit Mr. Crosskey was charged under UK law for violations of Section 1 of the Computer Misuse Act 1990 which makes it illegal to secure unauthorized access to data and Section 3 which makes it illegal to commit unauthorized acts with the intent to impair the operation of or prevent access to a computer.  Mr. Crosskey pled guilty and was sentenced to 1 year in jail.

When discussing “hackings” often what is meant is that someone found a way to exploit a weakness of another person’s computer or network.  But here it was not a weakness in Facebook technology (or Gomez’s computer) but instead a human weakness.  Apparently Mr. Crosskey did not actually “hack” Gomez’s Facebook account, but instead convinced Facebook staffers that he was the administrator of the Facebook account and had the Facebook staffers reset the password for him.  This means Facebook gave the password away to an unauthorized user.

This raises the question: Could Selena Gomez sue Facebook in tort for damages? The “hacker” apparently only posted “Justin Bieber sucks!” on Gomez’s Facebook page but he could have caused much more serious reputational damage.  It could be argued that Facebook’s negligence in giving away the password was the cause of the damage, giving rise to liability. It appears Facebook agrees that this presents a risk of potential liability.

Facebook’s IPO is off to a rocky start,with its stock price falling below the initial $38 IPO price.  But as part of Facebook’s required IPO filings, its S-1 has a long list of specific risks that could negatively impact Facebook’s performance. One of those risks is “improper access or disclosure of user information,” whereby Facebook acknowledges that user information could be improperly disclosed due to “employee error or malfeasance” and that “the affected users or government authorities could initiate legal or regulatory action against us in connection with such incidents, which could cause us to incur significant expense and liability. . . .”  It appears that Facebook recognizes there is a serious risk of tort liability and has disclosed it in connection with it’s IPO.

While 47 U.S.C. 230 protects Facebook from content posted by third-parties in the United States, Facebook could still face potential liability for giving away access to a user’s account.  But given the international scope of this incident, Facebook has a lot more to worry about than just U.S. law.  In its disclosures, Facebook acknowledges that in some markets it may be liable simply for content posted by third parties, not just its own actions. It looks like Facebook recognizes the risk of liability for this exact situation and Selena Gomez could possibly successfully sue Facebook.  If your Facebook account was hacked, maybe it wasn’t your fault…maybe Facebook negligently gave away your password. If so, Facebook could be liable for any damage caused.


Nick Barry

Image Source

2 Responses to Selena Gomez’s Facebook Hacker Gets Year in Jail – Could She Sue Facebook?

  1. Anonymous says:

    Sfjavshasqst o

  2. Ritaw says:

    Great review, Nick. Your write-up certainly made more sense than the original article.