Facebook filed two separate lawsuits in the U.S. and the U.K. against app developers for exploiting its platform and harvesting users’ data illegally. According to a report, Facebook Inc. and Facebook Ireland charged MobiBurn, OakSmart Technologies and its founder Fatih Haltas in the High Court of Justice for failing to comply with the audit request. The social networking giant claimed that MobiBurn gathered users’ data from Facebook and other social media firms by paying third-party app developers to install a malware “Software Development Kit (SDK)” in their applications.
“When people installed those apps on their devices, MobiBurn collected information from the devices and requested data from Facebook, including the person’s name, time zone, email address and gender. MobiBurn did not compromise Facebook, instead they used the malicious SDK on the users’ devices to collect information,” Facebook said in a report.
MobiBurn’s behavior came to light after security researchers reported the incident in a data abuse bounty program. Facebook then took enforcement action by sending a cease-and-desist letter asking MobiBurn to participate in a security audit, to which MobiBurn denied its cooperation.
In the U.S., Facebook Inc. and Instagram LLC sued Nikolay Holper in Federal Court in San Francisco for running a fake service called “Nakrutka” to sell fake likes, views, comments, and followers on Instagram. Facebook claims that Holper used a network of bots and automation software to run his fake engagement services on Instagram.
Lawsuits Filed Earlier
This is not the first time Facebook took legal action against abusers. Recently, it filed a similar lawsuit against Namecheap, an Arizona-based provider of domain name registrars online, for refusing to cooperate in an investigation to find malicious domains that have been registered through its services. Namecheap impersonated Facebook’s brand name and refused to share details about the owners of the suspicious domains. Security experts at Facebook tracked down 45 suspicious lookalike domains that are registered via Namecheap. It also filed a lawsuit in Virginia against 12 hoax domain names registered by Indian-based proxy service provider Compsys Domain Solutions Private Ltd. The malicious domains spoofed Facebook and its product names to carry out unethical activities.