Facebook Sues Over 'data-grabbing' Quizzes

Supertest quizzes
Image caption Facebook alleges that quizzes on apps named Supertest or FQuiz, among others, were part of the scheme

Malicious quiz apps were used to harvest thousands of users' profile data, according to Facebook.

The firm says anyone who wanted to take the quizzes was asked to install browser extensions, which then lifted data ranging from names and profile pictures to private lists of friends.

These were installed about 63,000 times between 2016 and October 2018, it says.

Facebook is suing Andrey Gorbachov and Gleb Sluchevsky, of Ukraine, who worked for a company called Web Sun Group.

'Computer hacking'

The quizzes, with titles such as "What does your eye colour say about you?" and "Do people love you for your intelligence or your beauty?", gained access to this information via the Facebook Login system - which enables connections between third party apps and Facebook profiles.

While the system is intended to verify that such connections are secure, in this case, Facebook says, users were falsely told the app would retrieve only a limited amount of public data from their profiles.

"In total, defendants compromised approximately 63,000 browsers used by Facebook users and caused over $75,000 [£58,000] in damages to Facebook," the company said in court documents first published by online news site The Daily Beast.

The documents accuse the two men of breaking US laws against computer hacking as well as breaching Facebook's own terms of use.

Verification procedures

The BBC has contacted Web Sun Group for comment.

Andrew Dwyer, a cyber-security expert at the University of Oxford, said the court document suggested users who installed the browser extensions had "effectively opened up entry into their Facebook accounts".

Facebook's existing verification procedures would have struggled to recognise this kind of malicious activity before allowing the apps access to users' profiles, he said.

"Fundamentally, this shows the failures of the app ecosystem - where there was little verification of what apps were doing," he told BBC News.

"As the [alleged] malicious activity was outside of the app, the typical review process of verifying the app may not have caught this activity."

RECENT NEWS

From Chip War To Cloud War: The Next Frontier In Global Tech Competition

The global chip war, characterized by intense competition among nations and corporations for supremacy in semiconductor ... Read more

The High Stakes Of Tech Regulation: Security Risks And Market Dynamics

The influence of tech giants in the global economy continues to grow, raising crucial questions about how to balance sec... Read more

The Tyranny Of Instagram Interiors: Why It's Time To Break Free From Algorithm-Driven Aesthetics

Instagram has become a dominant force in shaping interior design trends, offering a seemingly endless stream of inspirat... Read more

The Data Crunch In AI: Strategies For Sustainability

Exploring solutions to the imminent exhaustion of internet data for AI training.As the artificial intelligence (AI) indu... Read more

Google Abandons Four-Year Effort To Remove Cookies From Chrome Browser

After four years of dedicated effort, Google has decided to abandon its plan to remove third-party cookies from its Chro... Read more

LinkedIn Embraces AI And Gamification To Drive User Engagement And Revenue

In an effort to tackle slowing revenue growth and enhance user engagement, LinkedIn is turning to artificial intelligenc... Read more

We use cookies to give you the best experience possible. By continuing we’ll assume you’re on board with our cookie policy.