U.S. District Judge James Ware in San Jose, California, yesterday unequivocally rejected Facebook's argument that Gould and Robertson's lawsuit should be dismissed because the users didn't show an injury sufficient to bring the case, which means the company will have to actually face the lawsuit. The judge granted the two men their right to sue, but was skeptical of the case overall.
Gould and Robertson, however, rather swiftly lodged a complaint alleging that the Facebook security flaw violated the Electronic Communications Privacy Act, the Stored Communications Act, and California's Computer Crime Law and Consumers Legal Remedies act.
The complaint basically accused the social network of sharing users' personal information with third-party advertisers, specifically sharing the username, or user ID, of Facebook users.
Facebook admitted that this happened, but downplayed the risks involved and quickly plugged the security hole in question.
You can find the relevant document embedded below:
A Facebook spokesperson said the company was "pleased with the court's ruling".