Combating Scraping by Malicious Browser Extensions

By Jessica Romero, Director of Platform Enforcement and Litigation

Facebook Inc. and Facebook Ireland have filed a legal action in Portugal against two people for scraping user-profiles and other data from Facebook’s website, in violation of our Terms of Service and Portugal’s Database Protection Law. 

Using the business name “Oink and Stuff,” the defendants developed browser extensions and made them available on the Chrome store. They misled users into installing the extensions with a privacy policy that claimed they did not collect any personal information. Four of their extensions Web for Instagram plus DM, Blue Messenger, Emoji keyboard and Green Messenger were malicious and contained hidden computer code that functioned like spyware.

When people installed these extensions on their browsers, they were installing concealed code designed to scrape their information from the Facebook website, but also information from the users’ browsers unrelated to Facebook all without their knowledge. If the user visited the Facebook website, the browser extensions were programmed to scrape their name, user ID, gender, relationship status, age group and other information related to their account. The defendants did not compromise Facebook’s security systems. Instead, they used the extensions on the users’ devices to collect information.  

We are seeking a permanent injunction against defendants and demanding that they delete all Facebook data in their possession. This case is the result of our ongoing international efforts to detect and enforce against those who scrape Facebook users’ data, including those who use browser extensions to compromise people’s browsers.

To help personalize content, tailor and measure ads, and provide a safer experience, we use cookies. By clicking or navigating the site, you agree to allow our collection of information on and off Facebook through cookies. Learn more, including about available controls: Cookie Policy