Facebook is taking legal action in response to another large-scale data heist. According to The Record, the social network has sued Ukraine national Alexander Solonchenko for allegedly scraping data for more than 178 million users. Solonchenko reportedly exploited Messenger’s contact import feature by using an automated tool that mimicked Android devices. He fed Facebook millions of phone numbers and gathered data whenever the site returned info on accounts with phone numbers.
The attacker supposedly conducted the campaign between January 2018 and September 2019 (when Facebook shut down the importer), and started selling it on a black market forum in December 2020. Facebook tracked Solonchenko down after he used his forum username and contact details for email and job boards. The man has also scraped data from other targets, Facebook said, including a major Ukranian bank.
In its complaint, Facebook asked for undefined damages as well as bans preventing Solonchenko from accessing Facebook or selling its scraped data.
This isn’t the largest such incident. Hackers scraped data for 533 million users through the same feature. However, this illustrates Facebook’s determination to crack down on data scraping — it’s willing to pursue attackers in civil court in hopes of discouraging similar data raiding campaigns.