Meta

How We Work to Safeguard People Against Clone Sites

By Mike Clark, Product Management Director

Takeaways

  • We’ve been successful in court and obtained a judgment against an operator of Instagram clone sites, displaying scraped data. We’ve also filed a lawsuit in Northern California to enforce our Terms of Use against the defendant Ekrem Ateş, the operator of a clone site called “MyStalk”.
  • In the first half of 2021, we tracked over 100 different clone sites. By mid-year, through our disruption efforts, the known clone site ecosystem was reduced by approximately 90%.

Over the past year, we’ve shared a number of updates on the work of our External Data Misuse (EDM) and legal teams to combat unauthorized data scraping across our services. Today, we’re sharing an update on clone sites — what they are and the risks they carry, how our teams are working to address them and ways you can protect your data. We also announced litigation targeting clone sites and scraping for-hire services.

What Is a Clone Site?

A clone site is a third-party site that duplicates, in whole or in part, the content of an existing site. Among other things, clone sites can be used to display people’s scraped data, scam people, and damage the credibility of the original site.

One of the ways clone sites are able to compile people’s data is through the use of self-compromised accounts. A common way this happens is when people provide their Facebook or Instagram credentials to websites and apps offering free likes, followers or other promises in exchange for their Facebook or Instagram credentials. None of the services are authorized, affiliated with or endorsed by Meta.

People should never provide their Facebook or Instagram password anywhere online outside of logging in through the official Facebook or Instagram website and apps or through the “Login with Facebook” button that we allow authorized third-party developers to provide on their site. 

Taking Action Against Unauthorized Scraping and Clone Sites

In the first half of 2021, we tracked over 100 different Instagram clone sites. By mid-year, through our disruption efforts, the known clone site ecosystem was reduced by approximately 90%.

In 2020, we filed an action against a defendant scraping people’s publicly-visible information from Instagram in order to create a network of clone sites. This was a violation of our Terms of Service and we filed a lawsuit in order to protect our users. The Court recently issued a final judgment in our favor and found Defendant liable for scraping data from Instagram users and republishing it on his clones sites. The Defendant was ordered by the Court to pay over $200,000 and is banned from using Facebook or Instagram. This decision will help protect people and send a message that this conduct is not tolerated by Meta.

We continue to take action against unauthorized scraping and clone sites. Today, we filed a lawsuit in Northern California to enforce our Terms of Use. Operating under the name “MyStalk,” the defendant Ekrem Ateş used unauthorized automation software to improperly access and collect — or “scrape” — the profiles of Instagram users. 

MyStalk’s software used thousands of automated Instagram accounts that falsely identified themselves as legitimate Instagram users connected to either the official Instagram mobile application or website. Through this fraudulent connection, the Defendant scraped data from the profiles of over 350,000 Instagram users and collected posts, photos, Stories, and profile information. These profiles had not been set to private by the users and, beyond a limited number of profiles and posts, were publicly viewable only to logged-in Instagram users. Defendant published the scraped data on his own websites, which display user data scraped from Instagram. 

Since February 2021, we have taken a number of enforcement actions against this Defendant, including disabling accounts, sending a cease and desist letter, and revoking the Defendant’s access to Meta’s services. 

How Can I Keep My Account and Information Safe?

Giving unauthorized apps or websites your login credentials provides them with complete access to your account, allowing them to see personal messages, find information on your friends and potentially post harmful content on your profile.

When people compromise their accounts in this way, they lose visibility and control of who is viewing their content and interacting with their account, and their data can be used for a variety of potentially nefarious purposes. 

Here are steps you can take to protect your data:

  • Review your privacy settings regularly to ensure they align with your current preferences.
  • Review our tips on how to keep your Facebook and Instagram accounts secure.
  • Use our Privacy Checkup feature to be guided through your privacy and security settings, including Who Can See What You Share and How People Can Find You on Facebook.

Check for regular updates and insights on our privacy initiatives on our Privacy Matters page.



To help personalize content, tailor and measure ads, and provide a safer experience, we use cookies. By clicking or navigating the site, you agree to allow our collection of information on and off Facebook through cookies. Learn more, including about available controls: Cookie Policy