Facebook sues hacker who stole information from its users to sell it on illegal forums

A few days ago Facebook filed a lawsuit against Alexandrovich Solonchenko, a Ukrainian citizen accused of using hacking tools to collect the information of more than 170 million users of the platform and sell it on cybercriminal forums on the dark web. Apparently, the defendant sold this data on the hacking forum RaidForums, where he used the aliases “Solomame” and “barak_obama”.

The social media giant argues that Solonchenko, who worked as a freelance programmer, misused the Facebook Messenger Contact Importer feature to extract millions of user IDs and phone numbers linked to the social platform.

This feature allowed users to upload the contacts on their smartphone to the app and included functionality to compare Facebook contacts with those on the device, identifying friends associated with the phone numbers users had stored.

Between 2018 and 2019 the defendant allegedly abused this function to extract the records of around 178 million users in a scraping campaign that used automated requests apparently issued from Android devices. To do this, Solonchenko employed powerful Android emulation tools that made the requests look as if they came from legitimate devices. After detecting this unusual activity, Facebook began to take steps to prevent the scraping of information.

Although the information collected by the hacker is considered publicly accessible, Facebook believes that the defendant violated its terms of service by selling these records on the dark web. Solonchenko is also said to be responsible for the sale of information belonging to a major bank in Ukraine and a financial firm based in France.

Facebook is seeking a court order that bars the defendant from accessing any of its platforms and prevents the compromised information from continuing to circulate in hacking forums, although it remains to be seen whether the case will reach the courts.
