Facebook Sues Ukrainian Hacker For Scraping Data Of Its More Than 178 Million Users

25/10/2021

When people connect to the internet to use certain apps, data should be transferred back and forth between their devices and the servers of the apps they use.

While there is no way of exactly saying how many of user data or what data is sent, stored, or shared, because it depends of the apps in question, as well as their policy, but what is certain, users' data is expensive, and that it's already being traded as a commodity.

Due to the abundance of data, and the high demand, hackers are doing all they can to obtain this kind of data.

The same goes with Alexander Alexandrovich Solonchenko, an Ukrainian who Facebook accused for exploiting the weakness at Messenger's contact import feature called 'Contact Importer'.

By exploiting the feature that allowed users to synchronize their phone address books and see which of their contacts had a Facebook account, Solonchenko fed Facebook millions of phone numbers using an automated tool that mimicked Android devices, and gathered data whenever the site returned information on accounts with phone numbers.

Through this method, Facebook said that Solonchenko managed to scrape the personal data of at least 178 million Messenger users from January 2018 and September 2019 (until Facebook terminated the importer feature).

Solomame's post on a hacking forum
Solonchenko as 'Solomame' in a hacking forum posting a thread to sell the stolen data. (Credit: Facebook)

Solonchenko then took a quiet time off, and started selling the stolen data in a black market hacking forum in December 2020.

Facebook that realized the hack, traced and tracked Solonchenko down after he used his forum username and contact details for email and job boards.

Solonchenko, a programmer from Kirovograd, Ukraine, is also found to have scraped data from other targets.

“Since 2020, Solonchenko has sold stolen or scraped data from Ukraine’s largest commercial bank, Ukraine’s largest private delivery service, and a French data analytics company,” Facebook said in the court documents.

In response to the extensive damage of this large-scale data heist Solonchenko created, the social giant is taking a legal action against the hacker.

Facebook asked for undefined damages as well as bans preventing Solonchenko from ever accessing Facebook again or selling its scraped data.

Facebook's allegation said that Solonchenko is a seasoned cyberattacker.

The company said that Solonchenko is a an active user in the hacking forum, where he operated using different usernames, and that he had sold data of hundreds of millions of people from multiple companies.

"Solonchenko worked as a freelance computer programmer with experience working with several programming languages including Python, PHP, and Xrumer, which is a software used for spamming; automating tasks on Android emulators; and conducting affiliate marketing," said Facebook.

“Until in or around June 2019, Solonchenko also sold shoes online under the business name ‘Drop Top’,” Facebook added.

The Solonchenko incident marks the second Facebook data scrape that is collected using the Messenger Contact Importer feature and then shared via a popular underground hacking forum.

Previously, in April 2021, another threat actor leaked the phone numbers of 533 million Facebook users, which Facebook also said was collected by abusing the same feature.

It was only after this incident that Facebook revealed that it retired the Messenger Contact Importer feature.

Attorneys for the social media company said that Solonchenko's action violated Facebook’s terms of service contract.

Facebook asks an undisclosed amount of money in return for the damage. They money won't matter much for Facebook, which sits on top of billions of dollars.

This is only Facebook's determination to crack down on data scraping, and its willing to pursue attackers in civil court in hopes of discouraging similar data raiding campaigns in the future.