Chrome users are advised to look over their security protection as a lawsuitby Facebook is filed against two malicious extension providers that were exposed stealing user’s data without authorization from the websites of Instagram and Facebook.
The companies which are held responsible are BrandTotal Ltd., a company based in Israel, and Unimania Inc., which is incorporated in Delaware. UpVoice and Ads feed Chrome are the two extension particularly which are declared as great risk.
It is considered that these two companies are behind these two extensions which were available on Google Chrome for download since September and November 2019, it’s estimated that 5000 and 10000 installation are already made which means a massive number of user data is in jeopardy.
Facebook claimed that these extensions mainly stole their date from Facebook, Instagram, Twitter, YouTube and Amazon.
Data that was scraped contain profile information, along with advertisements, advertising metrics and advertising preferences which both of the companies are not authorized to possess.
Facebook later reported that these extensions have nearly the same code which were used in scraping user’s data and then sending the data to same remote servers. From all this information Facebook leads to the conclusion that in fact these two companies are same.
To end the widespread data theft which was spotted by Facebook, Facebook has asked the lobby Google to terminate these extensions for further downloading from the chrome but these extensions are still accessible on the chrome webstore.
Facebook asked judge on the cases of these extensions to eliminate these from chrome and companies who were behind these extensions should offer compensation for scraping user’s data of Instagram and Facebook, they further requested judge to block developers from developing such extension in future.
The legal department of the Facebook since early 2019 have been filling lawsuits against those companies which misuse this platform. Some cases which were filled previously are:
On March 2019 two Ukrainian extensions browsers developers were sued by Facebook (Gleb Sluchevsky and Andrey Gorbachov) for scraping user data.
On August 2019 Facebook sued LionMobi and JediMobi, Android applications developers for “click fraud.”
In October 2019 Israeli company NSO Group was sued by Facebook for development and sale WhatsApp zero-day used in May 2019.
On December 2019 ILikeAd and two Chinese nationals was sued by Facebook, to use Facebook ads on downloading malware.
On February 2020 OneAudience was sued by Facebook for secretly collecting Facebook user data.
On March 2020 Facebook sued Namecheap, to reveal hackers who use malicious domains through their service.
On April 2020 Facebook sued LeadCloak to offer software to mask misleading ads related to the pandemic COVID-19.
On June 2020 MGP25 Cyberint Services was sued by Facebook for selling likes and comments on Instagram.
On June 2020 Massroot8.com was sued by Facebook for stealing Facebook user passwords.
On August 2020 MobiBurn was sued by Facebook for stealing user data.
While on August 2020 Facebook sued Nakrutka, a site that sold likes, comments and followers of Instagram.