Facebook is suing Ukrainian programmer Alexander Solonchenko for selling data belonging to 178 million Facebook users. Some of the stolen data belonged to users from the United States.
Solonchenko stole user data by taking advantage of the contact import feature in Messenger using an automated tool that mimics Android devices. It enters millions of random phone numbers into Facebook's servers and collects data as Facebook returns information about the accounts associated with those phone numbers.
"Solonchenko works as a freelance computer programmer with experience working with several programming languages including Python, PHP, and Xrumer, which is software used for spamming; automating tasks on Android emulators; and doing affiliate marketing," Facebook said in its court documents, as quoted by Reuters. from The Record, Monday (25/10/2021).
"Until or around June 2019, Solonchenko also sold shoes online under the business name 'Drop Top'," he continued.
Solonchenko's actions took place between January 2018 and September 2019. He stopped collecting user data after Facebook turned off the contact import feature because it was exploited by Solonchenko and other irresponsible people.
The data that Solonchenko stole was then sold on RaidForum, a forum site used to buy and sell data that was leaked or stolen. It started selling stolen data in December 2020.
Facebook managed to identify Solonchenko after he used the username and contact details on his RaidForum account for his email and accounts on the job posting site.
In its lawsuit, Facebook said Solonchenko also collected data from other targets, including one of Ukraine's largest banks. The company created by Mark Zuckerberg is suing for damages, and barring Solonchenko from accessing Facebook products or selling the data he has collected.
This is not the biggest data theft case that Facebook has experienced. Previously, hackers had taken data belonging to 533 million users using the same contact import feature.