Facebook has filed a lawsuit today against two companies for creating and distributing malicious browser extensions that scraped user data without authorization from the Facebook and Instagram websites.
Named in the lawsuit are BrandTotal Ltd.[1], an Israeli-based company with a Delaware subsidiary, and Unimania Inc.[2], incorporated in Delaware.
The two companies are behind UpVoice[3] and Ads Feed[4], two Chrome extensions available on the official Chrome Web Store since September and November 2019, where they racked up more than 5,000 and 10,000 installs, respectively.
"BrandTotal enticed users to install the UpVoice extension from the Google Chrome Store by offering payments in exchange for installs, in the form of online gift cards, and claiming that the users who installed the extension became 'panelists . . . [who] impact the marketing decisions and brand strategies of multi-billion dollars (sic) corporations'," Facebook said in court documents filed today.
"Similarly, Unimania promoted its Ads Feed extension on the Google Chrome Store by claiming that the users became 'a panel member of an elite community group that impacts the advertising decisions of multi-billion dollar corporations!'," Facebook added.
But Facebook claims that despite their descriptions, both extensions were malicious and designed to scrape public and non-public data from users' online accounts.
According to court documents, Facebook claims the UpVoice extension scraped data from user profiles at Facebook, Instagram, Amazon, Twitter, LinkedIn, Pinterest, and YouTube.
Similarly, Ads Feed collected data from users accessing their Facebook, Instagram, Amazon, Twitter, and YouTube profiles, respectively.
Scraped data usually included user profile information (name, user ID, gender, date of birth, relationship status, and location information), advertisements and advertising metrics (name of the advertiser, image and text of the advertisement,