Facebook Lawsuit Details How Alleged Hackers Used Quizzes to Steal Data

Judy Cobb
March 14, 2019

Facebook said the activity started in 2016 and stopped in October 2018 when the defendants, who are believed to work for a software company called Web Sun Group, were kicked off the platform. According to court filings, the apps offered personality quizzes like "Who are you of modern vampires?"

Between 2017 and 2018, they enticed users to install malicious browser plugins promising horoscopes or "character and popularity" tests, apparently infecting around 63,000 Facebook users' browsers.

The quizzes, with titles such as "What does your eye colour say about you?" and "Do people love you for your intelligence or your beauty?", gained access to this information via the Facebook Login system - which enables connections between third party apps and Facebook profiles.

Other social media networking sites were also targeted by the two developers, but the company didn't name the other sites in its civil complaint. This announcement made by the company came at the same time when a report on the BBC revealed that there had been a breach on people's private messages on the website. This amount according to the civil complaint was what Facebook spent in removing the malicious plugins from its website previous year.

Whether Facebook can expect any success from the suit is up in the air, given it can't compel Gorbachov or Sluchevsky to come to the USA to face trial.

Kelowna students joining global strike addressing climate change inaction
St Peter's student Rachael Stone, 16, is one of the organisers of the Manawatū event and she expected more than 200 students to attend.

Facebook attempts to distance itself from fault in the suit, claiming that users "effectively compromised their own browsers" by installing the extensions. The developer had used an online quiz app that connected to Facebook to gather the data.

On how these men could access user's accounts, the complaint stated that they trickily caused the victims to install browser extensions infected with malware.

Facebook is accusing Sluchevsky and Gorbachov of violating the Computer Fraud and Abuse Act by accessing Facebook data without authorization, as well as fraud and breach of contract for misrepresenting themselves as legitimate Facebook developers.

Facebook, in its lawsuit filed on Friday, alleged that the Kiev-based entrepreneurs violated Californian and federal anti-hacking laws, and sued them for fraud and breach of Facebook's terms of service. Facebook estimated it spent more than $75,000 investigating the alleged malicious activity.

Other reports by

Discuss This Article