Social media network Facebook has filed two lawsuits this week against the operators of two websites that abused its platforms to sell Instagram likes and harvest passwords and information on Facebook users, respectively.
The lawsuits, announced in a blog post today, are just the latest in a long series of litigations the company has filed over the past one year and a half.
The first of these lawsuits was filed in Madrid, Spain. Facebook sued a local company named MGP25 Cyberint Services, which operates an online website that sells Instagram likes and comments.
“The defendant’s service was designed to evade Instagram’s restrictions against fake engagement by mimicking the official Instagram app in the way that it connected to our systems,” Jessica Romero, Director of Platform Enforcement and Litigation said today.
“The defendants did this for profit, and continued to do so even after we sent a Cease and Desist letter and disabled their accounts.”
In addition, Facebook also filed a second lawsuit in the US, in a San Francisco court, against Mohammad Zaghar, the owner of Massroot8.com.
The website claims to allow users to manage multiple Facebook accounts at once, but Facebook alleges that Zaghar’s service steals users’ Facebook passwords once they up for an account.
The social network says Zaghar then uses these passwords to surreptitiously access and scrape users’ accounts and harvest data from their friends.
According to court documents obtained by ZDNet, Facebook said the defendant accessed more than 5,500 Facebook accounts, an operation that Facebook says violates the Computer Fraud and Abuse Act, the US law that governs hacking offenses.
Romero says that despite sending Zaghar a Cease and Desist letter and disabling his Facebook accounts, the Massroot8 website continues to operate to this day.
Before operating Massroot8, Facebook said Zaghar also operated two other sites — fast-likers.com and fast-autolikers.com — that sold Facebook likes and follows.
Below is a summary of all the lawsuits that Facebook has filed since the start of 2019. Most are aimed at app developers and website operators who have abused the site to scrape user data or infect users with malware.
March 2019 – Facebook sued two Ukrainian browser extension makers (Gleb Sluchevsky and Andrey Gorbachov) for allegedly scraping user data.
May 2019 – Facebook sued RankWave, a South Korean company that broke ad platform rules and refused to comply with a Facebook audit.
August 2019 – Facebook sued LionMobi and JediMobi, two Android app developers on allegations of advertising click fraud.
October 2019 – Facebook sued Israeli surveillance vendor NSO Group for developing and selling a WhatsApp zero-day that was used in May 2019 to attack attorneys, journalists, human rights activists, political dissidents, diplomats, and government officials.
December 2019 – Facebook sued ILikeAd and two Chinese nationals for using Facebook ads to trick users into downloading malware.
February 2020 – Facebook sued OneAudience, an SDK maker that secretly collected data on Facebook users.
March 2020 – Facebook sued Namecheap to unmask hackers who registered malicious domains mimicking Facebook brands.
April 2020 – Facebook sued LeadCloak, a company that provided software to promote scams related to COVID-19, pharmaceuticals, diet pills and more.
June 2020 – Facebook sued to unmask and take over 12 domains containing Facebook brands and used to scam Facebook users.