Ukrainian Hackers Pulled A Cambridge Analytica By Using Quizzes To Access Facebook User Data
Facebook’s inability to secure user data is being highlighted once again, this time after it was determined that several Ukrainian hackers managed to distribute online quizzes which provided them with access to user data. The hackers used the obtained data to target Facebook’s users with a malicious request to install a browser extension. The extension then allowed the hackers to serve non-Facebook ads to FB users, according to The Verge.
A report from CNN notes that the hackers were able to gain access to the “Facebook Login” feature on the social network which, in-turn, allowed them to access a user’s private friends list. Among the data stole were a user’s name, age range, and profile picture, along with their friends’ list.
Facebook filed a lawsuit against the hackers with details released in a Northern California court on Friday.
The two men, Andrey Gorbachov, and Gleb Sluchevsky are located in Kiev, Ukraine. They gathered info from various quiz subjects ranging from pets all the way to the royal family. The quizzes often featured such headlines as: “What kind of dog are you according to your zodiac sign?,” according to CNN.
If this scenario sounds in any way familiar that’s because Cambridge Analytica came under fire for similar practices in 2018 when it was discovered the company accessed tens of millions of Facebook user profiles after quizzes were taken by unsuspecting users.
The Facebook hack by the men in Ukraine was discovered in October 2018. The two hackers were running sites such as “Megatest Online” (shown above) which coaxed users into giving them access to their Facebook account.
The hackers were uncovered after they claimed to have access to 120 million Facebook accounts. Cybersecurity experts have shrugged off that number, claiming only 63,000 browser installs were recorded.
Shockingly, Facebook gave them access to the login feature even after they registered for the company’s developer program with pseudonyms that included “Elena Stelmah” and “Amanda Pitt.”
Facebook, after discovering the attack, notified browser companies of the breach.
Here’s the full lawsuit filed by Facebook in the Northern District of California