Facebook sued two Ukrainian men for allegedly using test applications to scrape the private data of Facebook users and inject advertisements into their News. The suit, filed on Friday, accuses Gleb Sluchevsky and Andrey Gorbachev of executing a multi-year piracy scheme.
Between 2017 and 2018, users were encouraged to install malicious browser add-ons that promised "popularity and character" testing, apparently infecting about 63,000 Facebook user browsers. Sluchevsky and Gorbachev allegedly operated four web applications, including "Supertest" and "FQuiz", aimed primarily at Russian and Ukrainian users. According to the court presentations, applications offered personality tests such as "Who are you of modern vampires?" (Illustrated by a poster of Twilight ) and "Who is yours [sic] doppelganger of the past?" (Illustrated by images of Stalin and Lenin), as well as evidence like "Do you have real blood?"
Web applications used the Facebook login feature and promised to collect only limited information. However, they would then direct users to install web browser extensions that gave hackers access to the accounts of Facebook users (and other social networks).
The complaint says that these hackers tracked public profile information and lists of friends not publicly visible. In addition to serving their own ads instead of the approved officers by Facebook. However, depending on the context, they could also be linked to the sale of private messages by 81,000 users last year.
Facebook notes that it publicly announced an engagement October 31, which roughly coincides with the date of a report from the BBC that reveals the violation of the private message, citing Facebook blaming malicious browser extensions. Those hackers claimed to have information on 120 million Facebook accounts, but the cybersecurity experts were hesitant; If Facebook's estimate of 63,000 browsers is accurate, it suggests that this skepticism was justified.
The complaint also says that Sluchevsky and Gorbachev "caused Facebook to suffer irreparable damage to their reputation," which would coincide with the scandal caused by private message sales despite Facebook saying that it was not their fault. Last year, the BBC questioned whether Facebook had been proactive enough to address malicious add-ons. Facebook did not immediately respond to questions about whether Sluchevsky and Gorbachev were linked to the leak of the private message.
In this complaint, Facebook alleges that users "effectively compromised their own browsers" by installing extensions. That makes this case substantially different from the well-known Cambridge Analytica scandal, which relied entirely on Facebook, giving developers broad access to the data. The complaint suggests that Facebook was not the only social network committed, although it does not name the others.
The scheme apparently would not have worked, however, if Facebook had not approved Hackers as developers who could use their Facebook login feature. According to the lawsuit, hackers registered accounts between 2016 and 2018 under pseudonyms such as "Elena Stelmah" and "Amanda Pitt." Facebook discovered its scheme "through an investigation of malicious extensions", and suspended all accounts around October 12, 2018. Then it contacted the browser manufacturers to make sure that the applications were removed.
Facebook is accusing Sluchevsky and Gorbachev of violating the Computer Fraud and Abuse Act by accessing Facebook data without authorization, as well as fraud and breach of contract by presenting itself as legitimate Facebook. developers "Facebook reasonably relied on the misrepresentations of Defendants to allow Defendants to access and use the Facebook platform," he says. Facebook allegedly spent more than $ 75,000 to investigate the violation, which "interfered with and undermined Facebook's relationship with its users."
Facebook filed a similar lawsuit last week, suing four Chinese companies that allegedly sold fake Facebook accounts and user commitment. In both cases, the defendants are abroad and it seems unlikely that they will suffer serious consequences. But the suits give Facebook the opportunity to defend against charges of being negligent with privacy and security, explaining how hackers have victimized users, not the platform itself.