[TheRecord] Facebook sues Ukrainian who scraped the data of 178 million users

Facebook has filed a lawsuit on Friday against a Ukrainian national for allegedly scraping its website and selling the personal data of more than 178 million users on an underground cybercrime forum.

According to court documents filed today, the man was identified as Alexander Alexandrovich Solonchenko, a resident of Kirovograd, Ukraine.

Facebook alleges that Solonchenko abused a feature part of the Facebook Messenger service called Contact Importer.

The feature allowed users to synchronize their phone address books and see which contacts had a Facebook account in order to allow users to reach out to their friends via Facebook Messenger.

Scraping took place over 21 months

Between January 2018 and September 2019, Facebook said that Solonchenko used an automated tool to pose as Android devices in order to feed Facebook servers with millions of random phone numbers.

As Facebook servers returned information for which phone numbers had an account on the site, Solonchenko collected the data, which he later collected and offered for sale on December 1, 2020, in a post on RaidForums, a notorious cybercrime forum and marketplace for stolen data.

Image: Facebook

Facebook said Solonchenko was a prodigious user on the forum, where he operated using the username of Solomame (later renamed to barak_obama), and had sold the data of hundreds of millions of users from multiple companies.

“Since 2020, Solonchenko has sold stolen or scraped data from Ukraine’s largest commercial bank, Ukraine’s largest private delivery service, 

and a French data analytics company,” Facebook said in court documents today.

OpSec mistakes tied Solonchenko to Solomame persona

The social network said it was able to link Solonchenko to the RaidForums user after the defendant used the same username and contact methods on job portals and for email accounts.

“Solonchenko worked as a freelance computer programmer with experience working with several programming languages including Python, PHP, and Xrumer, which is a software used for spamming; automating tasks on Android emulators; and conducting affiliate marketing,” Facebook said.

“Until in or around June 2019, Solonchenko also sold shoes online under the business name ‘Drop Top’,” Facebook added.

The social network is now asking a judge to issue injunctions that would forbid Solonchenko from accessing Facebook sites and from selling any more of Facebook’s scraped data. The social network is also seeking unspecified damages.

Facebook retired Contact Importer feature in September 2019

The Solonchenko incident marks the second Facebook data scrape that was collected using the Messenger Contact Importer feature and then shared via RaidForums.

In April 2021, another threat actor leaked the phone numbers of 533 million Facebook users, which Facebook also said was collected by abusing the same feature.

Days after this incident, Facebook revealed that it retired the Messenger Contact Importer feature back in September 2019 after it discovered Solonchenko and other threat actors abusing it.

The post Facebook sues Ukrainian who scraped the data of 178 million users appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

Daily NCSC-FI news followup 2019-09-28

More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed thehackernews.com/2019/09/dynamic-sim-toolkit-vulnerability.html Remember the Simjacker vulnerability? Now, it turns out that the [email protected] Browser is not the only dynamic SIM toolkit that contains the Simjacker issue which can be exploited remotely from any part of the world without any authorizationregardless of which handsets or mobile operating […]

Read More

[ESET] Defending against APT attacks – Week in security with Tony Anscombe

All posts, ESET feed

The conflict in Ukraine has highlighted the risks of cyberespionage attacks that typically involve Advanced Persistent Threat groups and often target organizations’ most valuable data The post Defending against APT attacks – Week in security with Tony Anscombe appeared first on WeLiveSecurity Source: Read More (WeLiveSecurity)

Read More

[NCSC-FI News] The Urgency To Cyber-Secure Space Assets

Our reliance on space, and especially satellites, for communications, security, intelligence, and commerce has exponentially grown with digital transformation. Unfortunately, so have the risks, as a result, the need to prioritize cybersecurity around space assets is urgent Last May, the Cybersecurity and Infrastructure Security Agency (CISA) announced the formation of a Space Systems Critical Infrastructure […]

Read More