On Monday, December 20, 2021, Meta Platforms, Inc., formerly known as Facebook, Inc., filed a lawsuit in the U.S. District Court, Northern District of California, in an attempt to disrupt a phishing scam taking place on its platforms. The lawsuit alleges that the defendants created over 39,000 websites to deceive users and collect login information.
The complaint states that from around September 2020 through September 2021, Social Data Trading Ltd. improperly collected user login information from Instagram, YouTube, and TikTok. Over 91 million Instagram users, 5.5 million TikTok users, and 3.9 million YouTube users were affected by the phishing scam. Social Data Trading Ltd. allegedly created over 39,000 websites to mimic the login pages of Facebook, Messenger, Instagram, and WhatsApp, where users inputted their usernames and passwords. Meta claims that a relay service was used to “redirect internet traffic to the phishing websites in a way that obscured their attack infrastructure.” The complaint makes clear that the scraping software in question was unable to “circumvent users’ privacy settings and unable to scrape data that was not otherwise viewable to a user’s followers.”
The lawsuit claims that Social Data Trading Ltd. used automated Instagram accounts and a bot network to “scrape publicly viewable profiles of Instagram users, including the username, profile photo, number of followers, posts, and likes, and information about their followers, including gender, language, and location.” This data was then allegedly sold “as ‘demographics’ and ‘insights’ about ‘influencers and their audiences.'” Meta notified Social Data Trading Ltd. of its violations no later than May 20, 2021, revoked their access to its service, and disabled their accounts. The lawsuit alleges that Social Data Trading Ltd. thereafter began using a new business name to continue the same scam.
The complaint states causes of action for breach of contract, willful violation of California Penal Code § 502 (California Comprehensive Computer Data Access and Fraud Act), and unjust enrichment. The lawsuit seeks in relief a declaratory judgment, a permanent injunction, and damages, including pre-judgment and post-judgment interest.
Meta files federal lawsuit to uncover individuals running a phishing scam on its platforms, TechCrunch (December 20, 2021)
Meta Platforms, Inc. v. Social Data Trading Ltd. (Case No. 3:2021cv09807)
Photo Credit: Rokas Tenys / Shutterstock.com