Skip to content
Naked Security Naked Security

Facebook sues developers over data-scraping quizzes

Downloaded by 63K users, the quizzes promised answers to questions such as "What kind of dog are you according to your zodiac sign?"

Facebook on Friday sued two Ukrainian men, Andrey Gorbachov and Gleb Sluchevsky, for allegedly scraping private user data through malicious browser extensions that masqueraded as quizzes.

The company also alleges that the deceptive extensions injected unauthorized ads into Facebook users’ News Feeds when their victims visited through the compromised browsers.

From Facebook’s civil complaint:

As a result of installing the malicious extensions, the app users effectively compromised their own browsers because, unbeknownst to the app users, the malicious extensions were designed to scrape information and inject unauthorized advertisements when the app users visited Facebook or other social networking site as part of their online browsing.

According to the complaint, from 2016 to 2018, Sluchevsky and Gorbachov allegedly ran at least four web apps: “Supertest,” “FQuiz,” “Megatest,” and “Pechenka.”

The apps ran quizzes promising answers to questions such as “Do you have royal blood?, “You are yin. Who is your yang?” and “What kind of dog are you according to your zodiac sign?” among many others.

The apps were advertised and shared on Facebook, but they were available on public websites associated with several domains, including megatest.online, supertest.name, testsuper.su, testsuper.net, fquiz.com, and funnytest.pro.

Both of the defendants are based out of Kiev and work for a company called the Web Sun Group. Sluchevsky presents himself as the company’s founder.

Scraped social profiles

Facebook says that their extensions enabled the two to illegally scrape users’ publicly viewable profile information, such as name, gender, age range, and profile picture, when infected users visited social networking sites – including Facebook.

Facebook didn’t name the other social networking sites that the apps allegedly scraped.

It did say, however, that the alleged scraping is akin to illegally trespassing on its own servers:

Defendants used the compromised app users as a proxy to access Facebook computers without authorization.

The apps also allegedly got at private information such as Facebook users’ friend lists.

Facebook discovered and shut down the malicious apps while investigating malicious extensions in 2018. The company says that the two men compromised the browsers of approximately 63,000 Facebook users and caused the company over $75,000 in damages.

The platform is seeking an injunction and restraining order against the two developers, to keep them from creating any more apps targeting Facebook users.

Facebook is also requesting financial relief for the costs of investigating the defendants’ operation and restitution of any funds the two might have made off the use of Facebook users’ data.

4 Comments

So the company that is responsible for the biggest privacy concerns on the internet is now suing because of privacy concerns? makes perfect sense to me.

“It did say, however, that the alleged scraping is akin to illegally trespassing on its own servers”

Facebook: Hey, give that back, we stole it first……..
“caused the company over $75,000 in damages.” so, less than 1/2hr of earnings (based on 3million per day). The money they spend to go to court will be far more than the damages. I would dare say this is a PR move, and a good one.

Facebook wanted to make sure that they are the only one stealing privacy information by suing others who came across them. LOL

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?