Facebook is all too aware of how developers can make off with private data, and it's willing to go to court to fight that behavior. The Verge has learned that the social network sued two Ukranian men, Andrey Gorbachov and Gleb Sluchevsky, for allegedly swiping private user data through deceptive browser extensions. They enticed users with horoscope and "who are you like" quizzes that would use a legitimate Facebook sign-in at first, but asked users to install add-ons that would grab both publicly visible info as well as private friend lists. They'd also serve their own ads instead of Facebook's own.
Gorbachov and Sluchevsky have been accused of violating the Computer Fraud and Abuse act by accessing data without permission, as well as breach of contract and fraud for misleading Facebook into believing they were above-board. The two reportedly used fake names, and were caught in October 2018 after Facebook conducted a deeper look into browser extensions.
The browser plugins had some success with about 63,000 infections between 2017 and 2018, and also caused some damage to Facebook's bottom line. The company estimated that it spent over $75,000 looking into the intrusion. While the lawsuit doesn't call for specific damages, it wouldn't be shocking for Facebook to try and recoup its expenses.
Lawsuits like this could discourage others from trying similar moves, although this particular case may have a limited effect when Facebook can't compel Gorbachov or Sluchevsky to come to the US. More importantly, it may polish Facebook's image. The firm has been at the heart of multiple privacy scandals in recent months, and lawsuits like this could show that it's taking a more aggressive approach toward data thieves -- even if more substantial privacy reforms could take much longer.