If your business has got anything to do with scrapping data from various websites, it’s time for you to revisit your strategy. Internet giants, one after another, coming down heavily on those who are feasting on scrapped data for personal or professional gains
In the latest incident, Facebook has filed a lawsuit against a Ukrainian citizen for allegedly collecting and selling personal data of around 178 million users. Facebook claims that the practice infringes its usage policies that every user must adhere to.
According to the filed lawsuit Alexandrovich Solonchenko allegedly set up a virtual device farm consisting of millions of virtual Android devices each with a unique phone number, and then used them to send automatized messages to Facebook systems through the Messenger application.
Between January 2018 and September 2019, Solonchenko purportedly took advantage of Facebook Messenger’s, now defunct, Call Importer option. This feature allowed users to connect their address books to their phone and check which contacts were like to be registered with Facebook so that they could communicate with them through Messenger rather than using other channels.
However, Solonchenko’s intention wasn’t really to chat to 178 million of them. Instead, according to the legal documents, he carried out an act of phone number enumeration scraping and then compiled databases of easily accessible user IDs as well as phone numbers. He then claimed to have put them up for sale in the early December of 2020 on RaidForums.com, which is a marketplace for suspect data, using names like “Solomame” and “Barak_Obama“.
Solonchenko, however, didn’t restrict himself to Facebook alone. He managed to obtain data from other companies too – such as from a Ukrainian bank as well as a Ukrainian personal delivery company as well as a French company that uses data analytics – and put them on sale along with the data of millions of Facebook users. Then, in May of 2021, Solonchenko discovered a potential buyer to his Facebook treasure trove.
Facebook claims that because the defendant owned a minimum of two Facebook accounts, two Facebook applications, and an official Facebook webpage (not including five Instagram accounts), it’s impossible to believe that he escaped from accepting Facebook’s Terms of Service. The Terms of Service prohibit deceitful or fraudulent activities, as well as the collection of information from Facebook products by using automated methods or selling or providing platform data without written permission.
Alongside scraping and selling data Solonchenko’s other accomplishments in the field include being a computer programmer on a contract basis. He’s proficient at Python, PHP, and Xrumer which is software that’s used to send out spam. Facebook’s complaints indicate that a Ukrainian is also proficient in using the Android emulator and affiliate marketing expertise and even had for a time as an online shoe salesperson.
The complaint states that the scrapper used thematic or repeated users’ names, numbers, and emails, and left breadcrumbs which helped the social media giant to identify the same person with different efforts, and eventually challenge him legally.
Taking a lesson from the incident, Facebook took measures to block and stop unauthorized automated requests to its servers and also restrict the scraping of phone numbers for enumeration. Facebook also shut down its Contact Importer on September 19, 2019 when another threat-maker – who wasn’t Solonchenko – utilized it to leak 533 million Facebook users’ phone numbers, including Zuckerberg.
Facebook is now seeking a judge’s approval to ban Solonchenko from accessing Facebook websites or selling information of users which he obtained by illegal means, in addition to unknown damages. While it’s not yet clear how much damages Facebook is seeking, but it’s no rocket science to guess that any company of the size of Facebook, would want less than a few hundred million dollars – a sizeable amount enough for Solonchenko to have nightmares.
