Why should Facebook be accountable here instead of the party that acted maliciously? Facebook acted as a neutral carrier. Users told them to share their data with CA, and they did.
CA lied to both their users and even to Facebook itself (I think they breached FB API's terms and conditions), why should it be Facebook that's at fault?
In your argument, if a car is used in a robbery, should the car dealership or manufacturer be also at fault, even though the manufacturer had no idea this particular customer was going to use the car for malicious purposes?
If a car has parts that are easily hacked/broken into, leading to injury to its user while the user "chose" to drive, shouldn't the manufacturer be at fault? This is what happened with CA and Facebook's API.
I'm not saying CA shouldn't be held accountable, I'm saying Facebook also has part of the blame.
CA lied to both their users and even to Facebook itself (I think they breached FB API's terms and conditions), why should it be Facebook that's at fault?
In your argument, if a car is used in a robbery, should the car dealership or manufacturer be also at fault, even though the manufacturer had no idea this particular customer was going to use the car for malicious purposes?