Two Ukrainian men used online quizzes to lure more than 60,000 Facebook users into installing malicious browser extensions that leaked their profile data and friends lists to offshore servers, according to a federal lawsuit filed by the company.
Andrey Gorbachov and Gleb Sluchevsky allegedly used the browser extensions to overlay their own advertisements onto Facebook’s news feed when their victims visited through the compromised browsers, The Daily Beast reported on Friday.
Facebook, in its lawsuit filed on Friday, alleged that the Kiev-based entrepreneurs violated Californian and federal anti-hacking laws, and sued them for fraud and breach of Facebook’s terms of service.
The company also alleged that the scheme primarily targeted Russian-language victims.
“As a result of installing the malicious extensions, the app users effectively compromised their own browsers because… the malicious extensions were designed to scrape information and inject unauthorized advertisements when the app users visited Facebook or other social networking site,” the company wrote.
Both defendants are affiliated with a company called the Web Sun Group.
“In total, defendants compromised approximately 63,000 browsers used by Facebook users and caused over $75,000 in damages to Facebook,” the company claims in its civil complaint, citing the cost of rooting out the activity.
Recently, Facebook CEO Mark Zuckerberg posted a note outlining a vision of a more “privacy focused” social media giant.
“I believe we should be working towards a world where people can speak privately and live freely knowing that their information will only be seen by who they want to see it,” he wrote.