[ By Bobby Anthony ]Facebook has filed a federal lawsuit in a California court against a New Jersey-based data analytics firm OneAudience, allegedly for secretly harvesting its users' data, echoing the Cambridge Analytica scandal.According to the lawsuit, OneAudience improperly accessed and collected user data from Facebook and other social media companies by paying app developers to install...
Facebook has filed a federal lawsuit in a California court against a New Jersey-based data analytics firm OneAudience, allegedly for secretly harvesting its users' data, echoing the Cambridge Analytica scandal.
According to the lawsuit, OneAudience improperly accessed and collected user data from Facebook and other social media companies by paying app developers to install a malicious Software Development Kit (SDK) in their apps.
“After a user installed one of these apps on their device, the malicious SDK enabled OneAudience to collect information about the user from their device and their Facebook, Google, or Twitter accounts, in instances where the user logged into the app using those accounts,” read the lawsuit.
Security researchers first flagged OneAudience's behavior to Facebook as part of its data abuse bounty program.
Facebook, and other affected companies, then took enforcement measures against OneAudience.
“Facebook's measures included disabling apps, sending the company a cease and desist letter, and requesting their participation in an audit, as required by our policies. OneAudience declined to cooperate,” Jessica Romero, Director of Platform Enforcement & Litigation stated.
“This is the latest in our efforts to protect people and increase accountability of those who abuse the technology industry and users,” she added.
In November 2019, Facebook and Twitter admitted that data of hundreds of users was improperly accessed by some third-party apps on Google Play Store as they logged into those apps.
Later, cybersecurity researchers discovered that One Audience and Mobiburn software development kits (SDK) provided access to users' data, including email addresses, usernames, and recent tweets, on both the platforms.
Twitter and Facebook said they will notify those whose information was likely shared through apps.
In the recent past, Facebook has sued several third-party platforms for scrapping users' data, including Israeli surveillance vendor NSO Group which sells malicious spyware called Pegasus to government security agencies.
“Through these lawsuits, we will continue sending a message to people trying to abuse our services that Facebook is serious about enforcing our policies, including requiring developers to co-operate with us during an investigation, and advance the state of the law when it comes to data misuse and privacy,” according to the Facebook statement.