Facebook Sues Ukrainian Hacker Who Stole Millions of Sensitive User Details From Messenger

Published on October 23, 2021
Written by:
Supriyo Chatterji
Supriyo Chatterji
Cybersecurity News Writer

Facebook filed a case for data theft on Friday against a Ukrainian for scraping Facebook’s Messenger and selling data of over 178 million users on darknet forums. The hacker abused a Messenger feature to scrape user data over a span of 21 months. The company is now seeking court mandates to bar the man from using Facebook sites and also selling any remaining scraped data along with reparations for damages.

The defendant is a programmer named Alexander Alexandrovich Solonchenko from Kirovograd, Ukraine. According to Facebook, Solonchenko used the Contact Importer feature of Facebook Messenger to gather the data illegally. This feature syncs in with a user’s mobile contacts directory to make connecting with saved numbers easier.

The data theft in question took over 21 months, from January 2018 to September 2019, using an automated tool simulating Android environments to feed Facebook servers with millions of randomized phone numbers. The pingback on actual registered numbers with linked accounts on the site helped Solonchenko collect the data.

source: Facebook

On December 1, 2020, he put the collected information on RaidForums, a well-known cybercrime forum for stolen data trade. According to the documentation, Solonchenko has sold data from multiple companies on this forum under the name "Solomame" and later "barak_obama."

The social media giant caught on to Solonchenko’s online activity after he used these same contact details on job portals and for email accounts. Solonchenko has held jobs as a freelance programmer and also sold shoes online in June 2019 using the business name "Drop Top."

The Contacts Importer feature was removed in 2019. In April 2021, 533 million Facebook user phone numbers were exposed by abusing the same feature and sold on a hacker forum. However, Facebook said then the data set was old and the breach happened two years back, before the feature was taken down.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: