Facebook sues developer of data scraping extensions for Chrome

The developer is a Portuguese company that Facebook claims developed malicious Chrome extensions allowing data scraping.

The developer is a Portuguese company that Facebook claims developed malicious Chrome extensions allowing data scraping.

Data scraping against Facebook and other websites is a serious issue. Last year more than 500 million+ Facebook user data was scraped (1) and leaked online (2). Just last week, a Chinese firm was caught leaking 200 million Facebook, Instagram, LinkedIn users’ records it harvested through data scraping.

While companies everyday digitally defend themselves from the actions of attackers, few take legal action in order to make their perpetrators pay.

In the latest, Facebook has done the latter where it has taken the developers of certain Google Chrome extensions to the court for illegally scraping data from the social media giant.

Prosecuted in Portugal, the case concerns 2 individuals who were running their business under the name of “Oink and Stuff.”

See: Chrome extensions with 80 million+ users found engaging in ad fraud

The extensions in discussion include:

  • Blue Messenger
  • Emoji keyboard 
  • Green Messenger
  • Web for Instagram plus DM

According to Facebook, these extensions had a privacy policy that misled users by telling them that they did not collect any of their personal data. In reality, though, they of course did which included personally identifiable information from social media platforms such as Facebook including full names, gender, age, relationship status, and user IDs.

This was not only done through the extensions themselves but by also installing additional malware in user browsers. The data too wasn’t only limited to Facebook hinting at ulterior motives from the attackers.

All extensions have been removed from the Google Chrome Store with their respective links giving 404 error pages. An official blog post of Facebook states that,

We are seeking a permanent injunction against defendants and demanding that they delete all Facebook data in their possession. This case is the result of our ongoing international efforts to detect and enforce against those who scrape Facebook users’ data, including those who use browser extensions to compromise people’s browsers.

To conclude, this case would serve as an effective deterrent against other cybercriminals who may at most view their potential damage as being limited to the removal of their content/extensions from legal web stores.

See: “I think you appear in this video” phishing scam hijacks Facebook accounts

It is also important to remember that this is not the same time that Facebook is taking legal action. In the past, they have sued notable domain registrars like Namecheap for allowing the registration of domains that could aid in Facebook phishing.

For the future, we should expect other tech companies to follow the same example creating a responsible ecosystem. On the other hand, as a user, one should refrain from installing unnecessary extensions and keep an eye on their review section for users’ negative or positive feedback.

Did you enjoy reading this article? Don’t forget to like our page on Facebook and follow us on Twitter


Comments are closed.

Related Posts