Facebook is suing two Ukrainian developers to encourage users of more than 60,000 users to install browser extensions that embed personal information and advertisements into their news feeds


Facebook has sued two Ukrainian men who allegedly used quiz applications to retrieve personal data from Facebook users and inject advertisements into their news feeds. The lawsuit, filed Friday, accuses Gleb Sluchevsky and Andrey Gorbachov of having organized a multi-year computer hacking scheme.

Between 2017 and 2018, they prompted users to install malicious browser plug-ins that promise horoscopes or "character and popularity" tests, apparently infecting about 63,000 Facebook browsers. Sluchevsky and Gorbachov allegedly exploited four Web applications, including "Supertest" and "FQuiz", intended mainly for Russian and Ukrainian users. According to court filings, applications offered personality questionnaires such as "Who are you modern vampires?" (Illustrated by a poster for dusk) and "Who's yours [sic] doppelganger of the past? "(illustrated with images of Stalin and Lenin), as well as tests such as" Do you have royal blood? "

Malware of Facebook's personality

Web applications used Facebook's login function, promising to collect only limited information. However, they would then ask users to install web browser extensions giving hackers access to their Facebook accounts (and other social media).

The complaint indicates that these hackers have scraped public profile information and lists of friends that are not publicly available, in addition to posting their own ads instead of those officially approved by Facebook. However, depending on the context, they could also be related to the sale of private messages from 81,000 users last year.

Facebook claims to have suffered "irreparable damage to the reputation" of the violation

Facebook notes that he publicly announced the compromise around October 31, which roughly corresponds to the date of a BBC report revealing the violation of the private message, citing Facebook blaming malicious browser extensions. These hackers claimed to have information from 120 million Facebook accounts, but the cybersecurity experts were questionable. if the estimate of Facebook's 63,000 browsers is accurate, this suggests that this skepticism was justified.

The complaint also states that Sluchevsky and Gorbachov "subjected Facebook to irreparable damage to the reputation", which would be in keeping with the scandal that these sales of private messages caused – even though Facebook claimed that they were not guilty of any damage. were not his fault. Last year, the BBC asked if Facebook had been proactive enough to tackle malicious plugins. Facebook did not immediately answer questions about the link between Sluchevsky and Gorbachov and the leak of private messages.

In this complaint, Facebook claims that users "have actually compromised their own browsers" by installing extensions. This makes this case very different from the more familiar Cambridge Analytica scandal, which relied entirely on Facebook, giving developers broad access to data. The complaint suggests that Facebook was not the only compromised social network, although it did not name the others.

Malware of Facebook's personality

The schema apparently would not have worked, however, if Facebook had not approved hackers as developers who could use its Facebook login feature. According to the lawsuit, hackers registered accounts between 2016 and 2018 under pseudonyms such as "Elena Stelmah" and "Amanda Pitt". Facebook discovered their ploy "through a survey of malicious extensions" and suspended all accounts by October 12, 2018, and then contacted the browser makers to make sure the apps were removed.

Facebook accuses Sluchevsky and Gorbachov of violating the law on fraud and computer abuse by accessing Facebook data without authorization, as well as fraud and breach of contract for presenting false statements as legitimate developers from Facebook. "Facebook has reasonably relied on the misrepresentations of the accused to allow the accused to access and use the Facebook platform," he said. Facebook reportedly spent more than $ 75,000 investigating the violation, "embarrassing and undermining Facebook's relationship with its users."

Last week, Facebook launched a similar lawsuit against four Chinese companies that allegedly sold fake Facebook accounts and prompted user engagement. In both cases, the defendants are abroad and it seems unlikely that the consequences will be serious. But the lawsuits give Facebook a chance to defend against accusations of lax privacy and security, explaining how users have been victims of hacking – not the platform itself.