Site navigation

Facebook Sues Over Data-Scraping Browser Extensions

Michael Behr



Facebook says that four browser extensions contained malicious code that functioned like spyware.

Facebook is suing two Portuguese nationals for developing browser extensions that scraped user data from Facebook’s sites.

The suit was brought Facebook against the two people using the business name Oink and Stuff. The developer creates a range of extensions for browsers, including Chrome, Firefox, and Microsoft Edge.

Facebook claims that the two individuals misled users into installing the extensions with a privacy policy that claimed they did not collect any personal information.

Four of their extensions — Web for Instagram plus DM, Blue Messenger, Emoji keyboard and Green Messenger were malicious and contained hidden computer code that functioned like spyware.

The four extensions have been downloaded and installed over 54,000 times from the Chrome Web Store.

“When people installed these extensions on their browsers, they were installing concealed code designed to scrape their information from the Facebook website, but also information from the users’ browsers unrelated to Facebook — all without their knowledge,” said Facebook Director of Platform Enforcement and Litigation Jessica Romero.

“If the user visited the Facebook website, the browser extensions were programmed to scrape their name, user ID, gender, relationship status, age group and other information related to their account.”

She added that the extensions were installed on the users’ devices to collect information, so Facebook’s security systems were not compromised.

“We are seeking a permanent injunction against defendants and demanding that they delete all Facebook data in their possession. This case is the result of our ongoing international efforts to detect and enforce against those who scrape Facebook users’ data, including those who use browser extensions to compromise people’s browsers.”


This is not the first time that Facebook has sued third-party app and extension developers over scraping data from its platform. The Cambridge Analytica scandal, where up to 87 million Facebook users had their data exposed to the political consulting firm, placed the danger of a data leak firmly in the public imagination.

With data frequently touted as being the new oil, Facebook, along with the other big techs, are the primary gatekeepers of most of our data. As such, it is no surprise that bad actors would target those companies to access such a valuable commodity.

However, even the ‘legitimate’ use of user data by the big techs is coming under growing scrutiny.

The recent controversy over the new WhatsApp privacy policy, which will require users to share numerous data points with the messaging app’s parent company Facebook, shows the growing concerns shared by many about how their data is used.

For the big techs, data is their lifeblood. Google and Facebook rely on accessing, processing, and combining user data to help target advertising. Even Apple and Amazon, which have more traditional, physical business models, use data on their customers to give them an edge.

As such, faced with a growing movement that threatens the core of their business model, some big techs are starting to push their privacy credentials and take action to reassure customers that their data is in safe hands.

Michael Behr

Senior Staff Writer

Latest News

Cybersecurity Data Protection
Editor's Picks Recruitment Trending Articles
Cybersecurity Featured Skills
%d bloggers like this: