Facebook has filed a lawsuit against Ukrainian citizen Oleksandr Solonchenko, as he collected data from 178 million Facebook users using scraping, and then put this information up for sale on a hacker forum.
According to court documents , Solonchenko abused Facebook Messenger’s Contact Importer feature. Previously, this feature allowed users to sync their phone address books and see which contacts have a Facebook account (so users could connect with their friends through Facebook Messenger).
According to Facebook, from January 2018 to September 2019, Solonchenko used some kind of automated tool to simulate Android devices and bombarded Facebook’s servers with millions of random phone numbers. Since the company’s servers in response reported for which phone numbers the account exists on the site, Solonchenko collected a huge array of data, which he put up for sale on the well-known hack forum RaidForums on December 1, 2020.
On the forum, Solonchenko used the pseudonym Solomame (later barak_obama), and sold the data of hundreds of millions of users of various companies.
“Since 2020, Solonchenko has been selling stolen or scraped data from the largest commercial bank in Ukraine, the largest private delivery service in Ukraine, and a French data analysis company,” Facebook said in court documents.
Experts of the social network managed to connect Solonchenko with the user Solomame after he used the same nickname and left the same contacts for communication on several job search portals.
“Solonchenko worked as a freelance programmer and [wrote that] has experience with several programming languages, including Python, PHP, as well as Xrumer (software used to send spam), automation of tasks on Android emulators and in the field of affiliate marketing. – said in a statement Facebook. “Until about June 2019, Solonchenko also sold shoes on the Internet under the Drop Top brand.”
The social network is now asking the judge to sign an injunction prohibiting Solonchenko from accessing Facebook sites and other products and from further selling the scraped data. The social network is also seeking redress, although it is not yet clear what amounts are involved.
It is worth noting that in the spring of this year, another person put up for sale the data of 533 million Facebook users , also collected in a similar way. Back then, Facebook representatives said that they disabled the Contact Importer feature back in September 2019 when they discovered that it was being abused by hackers.
Catch up on more stories here
Follow us on Facebook here