[BreachExchange] Facebook Sues Ukrainian Hackers Who Used Quiz Apps To Steal User Data

Destry Winant destry at riskbasedsecurity.com
Thu Mar 14 03:50:35 EDT 2019


Facebook is suing two Ukrainian men for running a years-long hacking
scheme that ended up stealing personal data from social media users
through quiz apps.

The Menlo Park-based company accused Gleb Sluchevsky and Andrey
Gorbachov of scamming Facebook users into installing malware in their
browsers. These malicious plug-ins hid in the form of "character and
popularity" quizzes or horoscopes.

Facebook said it discovered the hackers' scheme "through an
investigation of malicious extensions." The company promptly suspended
all the affected accounts in October. It then contacted browser makers
to have the malware removed.

Malicious Browser Plug-Ins

Sluchevsky and Gorbachov reportedly used four popular web apps
including FQuiz and Supertest. Through this malware, the two men were
able to victimize as many as 63,000 Facebook accounts, most of which
were owned by Ukrainian and Russian users.

The scheme worked by presenting Facebook users with interesting quiz
titles such as "What Kind of Person Do People Think You Are?" or "What
Does Your Eye Color Say About You?"

These quizzes would then ask users to allow them to connect their
profiles to third-party apps via the Facebook Login feature.

Once a user profile was connected, Sluchevsky and Gorbachov would then
send and install malicious plug-ins to their victims' browsers. This
would allow the hackers to mine accounts for private data, including
personal information on the victims and everyone else on their
friends' lists.

The culprits also used malware to forcibly "inject unauthorized
advertisements" into Facebook News Feeds or other social media websites
whenever victims of the scam went online. Facebook's complaint said
Sluchevsky and Gorbachov caused the company to suffer "irreparable
reputational harm."

The company has accused the Ukrainian duo of violating the Computer
Fraud and Abuse Act by illegally accessing Facebook data. The two
culprits are also facing charges of fraud and breach of contract for
misrepresenting themselves as legitimate developers.

Private Data For Sale

Sluchevsky and Gorbachov's hacking scheme is likely connected to an
incident last year, where 81,000 private Facebook messages were
compromised and offered for sale.

Hackers had put up an advertisement claiming that they would allow
access to the accounts for 10 cents apiece. However, the ad was later
taken down.

Facebook denied having a cybersecurity breach, though it did contact
browser makers about potential threats.

"We have contacted browser-makers to ensure that known malicious
extensions are no longer available to download in their stores," a
Facebook spokesman said.

"We have also contacted law enforcement and have worked with local
authorities to remove the website that displayed information from
Facebook accounts."

The BBC later confirmed that more than 81,000 of the Facebook accounts
being offered by hackers indeed contained private messages.

Some 176,000 additional profiles were also made available, though
these were said to be taken from accounts that had some personal
information, such as phone numbers and e-mail addresses, open to the

The case against Sluchevsky and Gorbachov is different from the
Cambridge Analytica scandal, where Facebook allegedly gave developers
access to user information.
