Facebook has filed suit against a Ukrainian national on Friday for allegedly scraping the website and selling the personal information of more than 173 million users through an underground forum for cybercrime.
According to court documents filed this morning, the man was identified today as Alexander Alexandrovich Solnchenko. He is a Kirovograd native.
Facebook alleges Solonchenko has abused a feature within the Facebook Messenger service called Kontakt Importer.
The feature enabled users to synchronize their phones and see who had a Facebook Account. This allowed them to reach their friends via Facebook Messenger.
Over 21 months of scrapping were involved
Facebook reported that Solonchenko used an automate tool to pretend to have Android devices, in order to feed Facebook millions of random phone numbers between January 2018 – September 2019.
Solonchenko obtained the data via Facebook, and he posted it on RaidForums. RaidForums is a well-known cybercrime forum.
Facebook reported that Solonchenko is a prodigious user of the forum. Solonchenko used the username Solomame but was later renamed to Barak_obama. Solonchenko also had sold the data for hundreds of million users from multiple companies.
Facebook claims Solonchenko, who has been selling stolen or scraped Ukrainian data since 2020, was the largest commercial bank in Ukraine, Ukraine’s largest delivery service, and a French data analysis company, according to court documents.
OpSec mistake tied Solonchenko persona to Solomame
Social network claimed Solonchenko could be linked to RaidForums user, after Solonchenko used similar usernames and contact methods on job portals.
Facebook explained that Solonchenko was a freelance programer who worked with several programming languages like PHP, Python and Xrumer. “Xrumer is a software for spamming; automating Android emulator tasks; and conducting affiliate marketers,” Facebook said.
Facebook said Solonchenko sold shoes online “until or around June 2019,” Facebook added.
Solonchenko is currently asking a judge for injunctions to stop Solonchenko accessing Facebook sites and selling any additional scraped Facebook data. Unspecified damages are also being sought by the social media network.
Facebook retired the Contact Importer feature on September 2019,
Solonchenko’s incident marks the second Facebook data-scrape that was conducted using Messenger Contact Importer. This information was then shared via RaidForums.
Another threat actor exposed the phone numbers and email addresses of 533 million Facebook users in April 2021. Facebook stated that this was done by abusing the same feature.
Facebook stated that it had retired the Messenger Contact importer feature in September 2019 following an investigation into Solonchenko’s exploitation and other threats.