Published: Чт, Марта 14, 2019
IT | By Lester Massey

Facebook Sues 2 Ukrainian Men Over Alleged Data-Stealing Browser Add-Ons

Facebook Sues 2 Ukrainian Men Over Alleged Data-Stealing Browser Add-Ons

Two Ukrainian hackers used malicious browser extensions to overlay their own advertisements onto Facebook's news feedTwo Ukrainian men used online quizzes to lure more than 60,000 Facebook users into installing malicious browser extensions that leaked their profile data and friends lists to offshore servers, according to a federal lawsuit filed by the company.

In the period from 2016 to 2018 they compromised about 63 thousand browsers and Facebook have caused damage for the sum more than $75,000.

The web apps used Facebook's login feature, promising to collect only limited information.

Читайте также: Tiger Woods: I can compete now pain has gone

The complaint says these hackers scraped public profile information and non-publicly viewable lists of friends, in addition to serving their own ads instead of official Facebook-approved ones. "Who is your yang?" and "What kind of dog are you according to your zodiac sign?" Once users landed on these sites, they'd be prompted to enable push notifications in their browsers, which eventually led the same users to install various browser extensions.

Facebook notes that it publicly announced the compromise around October 31st, which roughly matches the date of a BBC report revealing the private message breach, quoting Facebook blaming malicious browser extensions. The extension then allowed the hackers to serve non-Facebook ads to FB users, according to The Verge. However, Facebook refused to give an immediate response as to whether Gleb Sulchevsky and Andrey Gorbachov were the culprits then. "In fact, Defendants knew that the applications were created to scrape the app users' public profiles on Facebook and other social networking sites, and to prompt users to install malicious extensions for the objective of manipulating the users' browsers and collect the users' private and non-publicly viewable lists of friends when the app user visited the Facebook site". Last year, the BBC questioned whether Facebook had been proactive enough in addressing the malicious plugins. Last week, Facebook filed a lawsuit against four Chinese companies that allegedly sold fake accounts and user engagement.

Facebook's inability to secure user data is being highlighted once again, this time after it was determined that several Ukrainian hackers managed to distribute online quizzes which provided them with access to user data. Cybersecurity experts have shrugged off that number, claiming only 63,000 browser installs were recorded. In both cases, the defendants are overseas and seem unlikely to suffer serious consequences.

При любом использовании материалов сайта и дочерних проектов, гиперссылка на обязательна.
«» 2007 - 2019 Copyright.
Автоматизированное извлечение информации сайта запрещено.

Код для вставки в блог

Like this: