- Facebook has sued a Ukrainian programmer for stealing and selling scraped sensitive user data.
- Solonchenko abused a Messenger feature to extract the data of 178 million Facebook users from January 2018 to September 2019.
- The same feature that allowed this exploit was used in 2021 to extract 533 million Facebook users’ data.
Facebook filed a case for data theft on Friday against a Ukrainian for scraping Facebook’s Messenger and selling data of over 178 million users on darknet forums. The hacker abused a Messenger feature to scrape user data over a span of 21 months. The company is now seeking court mandates barring the man from using Facebook sites and from selling any remaining scraped data, along with reparations for damages.
The defendant is a programmer named Alexander Alexandrovich Solonchenko from Kirovograd, Ukraine. According to Facebook, Solonchenko used the Contact Importer feature of Facebook Messenger to gather the data illegally. This feature syncs with a user’s mobile contacts directory to make connecting with saved numbers easier.
The data theft in question took place over 21 months, from January 2018 to September 2019, using an automated tool that simulated Android environments to feed Facebook servers with millions of randomized phone numbers. The pingback for numbers that were actually registered and linked to accounts on the site let Solonchenko collect the data.
On December 1, 2020, he put the collected information on RaidForums, a well-known cybercrime forum for trading stolen data. According to the documentation, Solonchenko has sold data from multiple companies on this forum under the name "Solomame" and later "barak_obama."
The social media giant caught on to Solonchenko’s online activity after he used these same contact details on job portals and for email accounts. Solonchenko has held jobs as a freelance programmer and also sold shoes online in June 2019 using the business name "Drop Top."
The Contact Importer feature was removed in 2019. In April 2021, 533 million Facebook user phone numbers were exposed by abusing the same feature and sold on a hacker forum. However, Facebook said at the time that the data set was old and that the breach had happened two years earlier, before the feature was taken down.
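
The enumeration described above leaves a recognizable server-side pattern: one client submitting far more numbers than an address book holds, with few of them resolving to accounts. The Python below is an added example, not Facebook's code; the event format, thresholds and sample data are constructed assumptions. It flags such clients and shows how a per-client lookup budget limits what the match responses reveal.

```python
from collections import defaultdict

# Assumed thresholds, not values from the article or from Facebook.
MAX_CONTACTS = 2000    # ceiling for a plausible address book
MIN_HIT_RATIO = 0.10   # real contact lists mostly resolve to accounts

def sample_events():
    """Constructed (client_id, phone_number, matched_account) upload events."""
    events = [("device-A", f"+38050000{i:04d}", i % 4 != 0) for i in range(40)]
    events += [("device-B", f"+38067{i:07d}", i % 25 == 0) for i in range(5000)]
    return events

def summarize(events):
    """Per client: (distinct numbers submitted, distinct numbers matched)."""
    seen, hits = defaultdict(set), defaultdict(set)
    for client, number, matched in events:
        seen[client].add(number)
        if matched:
            hits[client].add(number)
    return {c: (len(seen[c]), len(hits[c])) for c in seen}

def flag_enumerators(events, max_contacts=MAX_CONTACTS, min_hit_ratio=MIN_HIT_RATIO):
    """Clients that submit too many numbers with too few of them registered."""
    return sorted(
        client for client, (submitted, matched) in summarize(events).items()
        if submitted > max_contacts and matched / submitted < min_hit_ratio
    )

def confirmations_with_budget(events, budget=MAX_CONTACTS):
    """Matches each client learns if lookups stop after `budget` distinct numbers."""
    seen, learned = defaultdict(set), defaultdict(int)
    for client, number, matched in events:
        if number in seen[client] or len(seen[client]) >= budget:
            continue  # repeat, or over budget: nothing further is confirmed
        seen[client].add(number)
        learned[client] += int(matched)
    return dict(learned)

if __name__ == "__main__":
    events = sample_events()
    print(summarize(events))
    print(flag_enumerators(events))
    print(confirmations_with_budget(events))
```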