[TheRecord] Facebook sues Ukrainian who scraped the data of 178 million users

Facebook has filed a lawsuit on Friday against a Ukrainian national for allegedly scraping its website and selling the personal data of more than 178 million users on an underground cybercrime forum.

According to court documents filed today, the man was identified as Alexander Alexandrovich Solonchenko, a resident of Kirovograd, Ukraine.

Facebook alleges that Solonchenko abused a feature part of the Facebook Messenger service called Contact Importer.

The feature allowed users to synchronize their phone address books and see which contacts had a Facebook account in order to allow users to reach out to their friends via Facebook Messenger.

Scraping took place over 21 months

Between January 2018 and September 2019, Facebook said that Solonchenko used an automated tool to pose as Android devices in order to feed Facebook servers with millions of random phone numbers.

As Facebook servers returned information for which phone numbers had an account on the site, Solonchenko collected the data, which he later collected and offered for sale on December 1, 2020, in a post on RaidForums, a notorious cybercrime forum and marketplace for stolen data.

Image: Facebook

Facebook said Solonchenko was a prodigious user on the forum, where he operated using the username of Solomame (later renamed to barak_obama), and had sold the data of hundreds of millions of users from multiple companies.

“Since 2020, Solonchenko has sold stolen or scraped data from Ukraine’s largest commercial bank, Ukraine’s largest private delivery service, 

and a French data analytics company,” Facebook said in court documents today.

OpSec mistakes tied Solonchenko to Solomame persona

The social network said it was able to link Solonchenko to the RaidForums user after the defendant used the same username and contact methods on job portals and for email accounts.

“Solonchenko worked as a freelance computer programmer with experience working with several programming languages including Python, PHP, and Xrumer, which is a software used for spamming; automating tasks on Android emulators; and conducting affiliate marketing,” Facebook said.

“Until in or around June 2019, Solonchenko also sold shoes online under the business name ‘Drop Top’,” Facebook added.

The social network is now asking a judge to issue injunctions that would forbid Solonchenko from accessing Facebook sites and from selling any more of Facebook’s scraped data. The social network is also seeking unspecified damages.

Facebook retired Contact Importer feature in September 2019

The Solonchenko incident marks the second Facebook data scrape that was collected using the Messenger Contact Importer feature and then shared via RaidForums.

In April 2021, another threat actor leaked the phone numbers of 533 million Facebook users, which Facebook also said was collected by abusing the same feature.

Days after this incident, Facebook revealed that it retired the Messenger Contact Importer feature back in September 2019 after it discovered Solonchenko and other threat actors abusing it.

The post Facebook sues Ukrainian who scraped the data of 178 million users appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[BleepingComputer] GitHub finds 7 code execution vulnerabilities in ‘tar’ and npm CLI

GitHub security team has identified several high-severity vulnerabilities in npm packages, “tar” and “@npmcli/arborist,” used by npm CLI. The tar package receives 20 million weekly downloads on average, whereas arborist gets downloaded over 300,000 times every week. […] Source: Read More (BleepingComputer)

Read More

[ZDNet] ChaChi: a new GoLang Trojan used in attacks against US schools

All posts, ZDNet

The malware has found a role to play in ransomware strikes. Source: Read More (Latest topics for ZDNet in Security)

Read More

Daily NCSC-FI news followup 2019-08-16

New Bluetooth KNOB Attack Lets Attackers Manipulate Traffic www.bleepingcomputer.com/news/security/new-bluetooth-knob-attack-lets-attackers-manipulate-traffic/ A new Bluetooth vulnerability named “Key Negotiation Of Bluetooth attack” or “KNOB” has been disclosed that allow attackers to more easily brute force the encryption key used during pairing to monitor or manipulate the data transferred between two paired devices.. see also knobattack.com/ Ammottava aukko päästi […]

Read More