We may earn a commission if you click a deal and buy an item. This is how we make money.

Facebook is suing two developers for using a malicious browser add-on to steal data

Facebook has filed a lawsuit against two Ukrainian men is alledges used a browser plug in to steal user data.

The men – Andrey Gorbachov and Gleb Sluchevsky – are accused of tempting users in with the promise of personality quizzes if they simply logged in with Facebook and then downloaded a browser plugin. Unbeknownst to them, Facebook claims, the plugin would then lift Facebook data, including private friends lists and show the developers’ own ads.

The Verge reports that around 63,000 Facebook users’ browsers were infected between 2017 and 2018 – mostly based in Russia and Ukraine. As a result, both men are accused of violating the Fraud and Abuse act, as well as breach of contract and fraud for convincing Facebook that they were legitimate developers that could be trusted with the Facebook Login feature.

Related: How to delete a Facebook account permanently

In the suit, Facebook claims that victims “effectively compromised their own browsers” by installing the add ons. That’s technically true, but it’s also accurate to say that it would have been less of a risk to them if the accused hadn’t been granted developer access. All the same, that’s a clear distinction between this and the Cambridge Analytica scandal, where the data acquisition was entirely possible without the victims’ assistance.

The lawsuit doesn’t mention anything about damages, but does claim that investigating the breach cost Facebook more than $75,000. That may be a moot point of course: Facebook has no way of compelling Gorbachov or Sluchevsky to come to America for the case to be heard.

But whether or not the case ever does come to anything, it’s a clear signal from Facebook: the recent privacy breaches are causing the company reputational damage, and it’s going to be much more bullish in going after those that abuse its trust in future.

Do you still use Facebook, or have you deleted your account? Let us know on Twitter: @TrustedReviews.