2 min read

Man who "scraped and sold 178 million users' data" is sued by Facebook

Graham CLULEY

October 26, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Man who "scraped and sold 178 million users' data" is sued by Facebook

Facebook is suing a Ukrainian man for allegedly stealing the data of more than 178 million users, and then selling it on an underground cybercrime forum.

In a lawsuit filed by the social networking giant on Friday, Facebook claims that between January 2018 and September 2019 Alexander Alexandrovich Solonchenko exploited a vulnerability in a feature which was supposed to help you connect with friends on the social network to scoop up users' personal data.

According to Facebook, Solonchenko - who sometimes uses the online handles "Solomame" or "Barak_Obama" - took advantage of a "feature" in Facebook Messenger's Contact Importer that was supposed to tell users if contacts in their address book also had accounts on the site, and make it easier to connect.

However, it is alleged that for over a year and a half Solonchenko managed to create a database of 178 million Facebook users' phone numbers and details, having fed Contact Importer many millions of random phone numbers.

In the legal documents, Facebook claims that Solonchenko was also linked to the scraping and sale of data from Ukrainian companies, including the country's leading private delivery company Nova Poshta and financial organisation PrivatBank.

It is alleged that Solonchenko made the database of Facebook users' details available for sale via the cybercrime marketplace RaidForums.

And because Soloncheno had a Facebook account, the site argues that he was in violation of their terms of service - even though all of the data he is alleged to have scraped was publicly accessible on the site.

Interestingly, it appears that Solonchenko was identified following errors he made in preserving his own online privacy, namely reusing the same usernames and email addresses in multiple places online - including job forums.

The social media giant is seeking unspecified damages from Solonchenko, and has asked the court for an injunction to stop him from accessing Facebook and selling or further distributing data scraped from the site.

The social network is now asking a judge to issue injunctions that would forbid Solonchenko from accessing Facebook sites and from selling any more of Facebook’s scraped data. The social network is also seeking unspecified damages.

Earlier this year, following the discovery that the personal information of 533 million users had been made available on a hacking forum, Facebook revealed it had quietly fixed the vulnerability back in 2019.  That particular data dump has not been linked to Solonchenko, but appears to have used the same method.

tags


Author



Right now

Top posts

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

CafePress Fined $500,000 for Not Disclosing Data Breach that Compromised 23 Million Accounts CafePress Fined $500,000 for Not Disclosing Data Breach that Compromised 23 Million Accounts
Silviu STAHIE

June 28, 2022

1 min read
Carnival Cruises bruised by $6.25 million fine after series of cyberattacks Carnival Cruises bruised by $6.25 million fine after series of cyberattacks
Graham CLULEY

June 28, 2022

2 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside
Silviu STAHIE

June 28, 2022

2 min read