The developer is a Portuguese company that Facebook claims developed malicious Chrome extensions allowing data scraping.
Data scraping against Facebook and other websites is a serious issue. Last year more than 500 million+ Facebook user data was scraped (1) and leaked online (2). Just last week, a Chinese firm was caught leaking 200 million Facebook, Instagram, LinkedIn users’ records it harvested through data scraping.
While companies everyday digitally defend themselves from the actions of attackers, few take legal action in order to make their perpetrators pay.
In the latest, Facebook has done the latter where it has taken the developers of certain Google Chrome extensions to the court for illegally scraping data from the social media giant.
Prosecuted in Portugal, the case concerns 2 individuals who were running their business under the name of “Oink and Stuff.”
The extensions in discussion include:
- Blue Messenger
- Emoji keyboard
- Green Messenger
- Web for Instagram plus DM
This was not only done through the extensions themselves but by also installing additional malware in user browsers. The data too wasn’t only limited to Facebook hinting at ulterior motives from the attackers.
All extensions have been removed from the Google Chrome Store with their respective links giving 404 error pages. An official blog post of Facebook states that,
We are seeking a permanent injunction against defendants and demanding that they delete all Facebook data in their possession. This case is the result of our ongoing international efforts to detect and enforce against those who scrape Facebook users’ data, including those who use browser extensions to compromise people’s browsers.
To conclude, this case would serve as an effective deterrent against other cybercriminals who may at most view their potential damage as being limited to the removal of their content/extensions from legal web stores.
It is also important to remember that this is not the same time that Facebook is taking legal action. In the past, they have sued notable domain registrars like Namecheap for allowing the registration of domains that could aid in Facebook phishing.
For the future, we should expect other tech companies to follow the same example creating a responsible ecosystem. On the other hand, as a user, one should refrain from installing unnecessary extensions and keep an eye on their review section for users’ negative or positive feedback.