Facebook filed a data theft lawsuit against a Ukrainian on Friday, accusing him of scraping Facebook Messenger and selling the data of over 178 million users on dark net forums. Over the course of 21 months, the hacker used a Messenger function to harvest user data. The company is now seeking court orders prohibiting the guy from using Facebook sites, as well as the sale of any remaining scraped data and damages restitution.
Alexander Alexandrovich Solonchenko, a programmer from Kirovograd, Ukraine, is the defendant. Solonchenko, according to Facebook, fraudulently gathered the data using the Contact Importer feature of Facebook Messenger. This function integrates with a user’s mobile contacts directory to make it easy to connect with saved phone numbers.
From January 2018 to September 2019, an automated technique imitating Android environments was used to provide Facebook servers with millions of randomised phone numbers, which took over 21 months to complete. Solonchenko was able to obtain the data thanks to a pingback on actual registered numbers with associated accounts on the site.
He posted the acquired data to RaidForums, a well-known cybercrime forum for the selling of stolen data, on December 1, 2020. Solonchenko sold data from various companies on this site using the names “Solomame” and later “barak obama,” according to the documentation.
Solonchenko’s online activity was discovered by the company when he used the same contact information on employment sites and for email accounts. Solonchenko has worked as a freelance programmer and, in June 2019, sold shoes online under the name “Drop Top.”
In 2019, the Contacts Importer feature was deactivated. In April 2021, 533 million Facebook user phone numbers were revealed and sold on a hacker forum after the same feature was exploited. However, the company stated at the time that the data collection was outdated and that the breach occurred two years prior to the removal of the service.
You might also like: