Facebook login page on mobile showing Facebook suing two websites for data scraping

Facebook Goes All Out on Data Scraping

Social media giant Facebook once again took to the courts earlier this month, this time suing two websites for allegedly abusing its platforms to sell likes on Instagram and for the data scraping of private information, including passwords, from users. The new legal action, announced in a June 18 blog post, marks the most recent in a long line of court cases that Facebook has launched in recent years.

The two defendants, one from California in the US and the other from Spain respectively, are being accused of similar charges, both for the “use of unauthorized automation software on Facebook and Instagram,” according to Facebook.

“This is one of the first times a social media company is using coordinated, multi-jurisdictional litigation to enforce its Terms and protect its users,” wrote Jessica Romero, Facebook’s director of platform enforcement and litigation in the announcement. “The defendants in the European lawsuit operated a Spain-based fake engagement service, and the defendant in the US lawsuit operated a data scraping service with ties to California,” she added.

Data scraping, the extraction of data from human-readable sources across the internet, remains a widespread and controversial practice. While it can stand to benefit businesses for purposes of direct marketing, data scraping can just as easily be used to gather personal information about internet users in an illegal manner.

Lawsuit against MGP25 Cyberint Services

Facebook’s first of the two lawsuits against data scraping was filed in a commercial court in Madrid, Spain, according to the social media giant. The defendant is reportedly a local company called MGP25 Cyberint Services and its unnamed founder, who were sued by Facebook Ireland, the platform’s European organization.

According to the lawsuit, MGP25 Cyberint Services operates an online website that sells Instagram likes and comments.

“The defendant’s service was designed to evade Instagram’s restrictions against fake engagement by mimicking the official Instagram app in the way that it connected to our systems,” wrote Romero. “The defendants did this for profit, and continued to do so even after we sent a Cease and Desist letter and disabled their accounts,” she added.

MGP25 Cyberint Services is a computer and office equipment wholesaler based in Madrid, Spain, according to company databases. It has a total of two employees and turns over  $77,000 in annual revenue from sales.

Lawsuit against Mohammad Zaghar

Over and above Facebook’s Spanish lawsuit, the social media giant also filed a second lawsuit with a federal court in San Francisco. In this case, the data scraping charge was made against an individual, Mohammad Zaghar, the owner of Massroot8.com.

According to Facebook’s lawsuit and multiple subsequent reports, Massroot8.com, which has since been deregistered, purported to offer a service in which multiple Facebook accounts could be managed at once. However, under the guise of providing such a service, Facebook contests that Massroot8.com in fact steals passwords of its users. Once passwords are in the bag, Zaghar then accessed the users’ accounts and went about with data scraping as much information as needed, including the phone numbers, gender, date of birth and email addresses of Facebook friends.

In addition to the above charges, a set of court documents which were obtained by tech news site ZDNet later revealed that Zaghar had accessed some 5,500 Facebook accounts in this manner.

As such, according to the social media giant, Zaghar’s actions had flagrantly violated the Computer Fraud and Abuse Act. “The defendant engaged in this abuse even after Facebook sent a Cease and Desist letter and disabled his accounts,” Romero added to this end.

Facebook is pursuing $75,000 in damages against Zaghar for the alleged abuse, according to the official complaint.

Facebook puts data scraping in the crosshairs

Facebook’s two newest data scraping lawsuits are the latest in a long line of similar legal actions. A year ago, for example, in March 2019, Facebook took legal action against two Ukrainian developers, Gleb Sluchevsky and Andrey Gorbachov. The two men were charged for developing Facebook apps and browser extensions that harvested user data and injected ads into users’ timelines, according to reports at the time.

More recently, on June 8, Facebook launched a similar lawsuit in order to uncover and seize 12 domain names that pretended to be linked to the Facebook brand. Personal information would then be harvested on these sites, among other malicious activities, according to the lawsuit.

The most lawsuits targeting scraping activities mark what appear to be a positive development for data protection. According to Facebook, the action reiterates its commitment to this end across all of its services. “Today’s legal actions demonstrate our commitment to enforcing our policies and holding people accountable for abusing our services,” concluded Romero.