Facebook filed a lawsuit against a Ukrainian man in a federal court Friday for allegedly using third-party services to gather information about 178 million users, then selling that information.
Defendant Alexander Solonchenko is accused of using automated tools in 2018 and 2019 to retrieve information about users by looking up their phone numbers through Facebook’s Messenger Contact Importer. Solonchenko in 2020 started advertising the Facebook data for sale on RaidForum, a marketplace for data leaks where he had sold data from other private companies, the lawsuit says. He sold the data in 2021.
The social media giant argues that Alexander Solonchenko violated Facebook’s terms of service by “using automated means…or attempt[ing] to access data you don’t have permission to access.” The company now is seeking an injunction preventing Solonchenko from accessing Facebook and its products as well as an injunction that would stop Solonchenko from selling or distributing any data obtained from Facebook. The lawsuit also seeks unspecified damages.
This isn’t the first time Facebook has brought legal action against users who collected public data from its website. Facebook in 2020 sued two companies that collected information from its services, as well as other major social media companies for marketing intelligence services. In August Facebook shut down researchers studying misinformation on its platform on the grounds that they had violated the companies policy on automated collection of user data, or “data scraping.”
Other tech companies have also fought against the practice in court. LinkedIn sued the corporate intelligence firm hiQ Labs in 2019 for scraping data from its website. The Ninth Circuit Court ruled in September 2019 that the automated scraping of public data likely did not violate federal hacking laws. However, LinkedIn appealed the case to the Supreme Court, which in June sent the case back to the Ninth Circuit for review. The court heard oral arguments for the case Monday.
It’s not immediately clear if the latest Facebook lawsuit is related to a similar instance in which an individual used a bot to exploit a bug in Facebook’s contact lookup system and scrape user information to create a database that was reported as up for sale on the dark web in April.
Facebook said it in 2019 fixed the vulnerability in its contact system and took other measures to prevent future scraping.
Seamus Hughes, the deputy director of the Program on Extremism at George Washington University and a specialist on court filings, first noticed the latest suit.
The complaint is available in full below.