Facebook is currently suing Ukrainian programmer Alexander Alexandrovich Solonchenk for allegedly scraping the data of 178 million users on the platform. According to the court documents, the lawsuit was filed on October 21st in California.
Solonchenko collected the data by exploiting Facebook Messenger’s contact import feature. Between January 2018 to September 2019, he used an automated tool to pose as Android devices and fed Facebook millions of telephone numbers. Facebook would then give Solonchenko data on which numbers had Facebook accounts. He also said that his parser did not work for all profiles, as it depended on each account’s publicity settings. Fortunately for us, Facebook discontinued the contact import feature back in 2019, right after they found out what Solonchenko was doing.
On December 1 2020, the programmer sold the data on RaidForums, a cybercrime forum he usually frequents under the usernames “Solomame” and “barak_obama”. According to Facebook, Solonchenko had already sold the data of millions to multiple companies beforehand. “Since 2020, Solonchenko has sold stolen or scraped data from Ukraine’s largest commercial bank, Ukraine’s largest private delivery service, and a French data analytics company,” Facebook detailed in the court documents.
In the lawsuit, Facebook asked for unspecified damages and for Solonchenko to be banned from using Facebook’s services.
This incident is far from Facebook’s first privacy scandal. The Wikipedia page for “Privacy concerns with Facebook” has 36 sections. Back in April, a group of hackers utilised the same feature to scrape data from 533 million Facebook users. This data breach affected over 11 million Malaysian accounts.