Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp

The company is seeking $500,000 from the unnamed threat actors that ran phishing scam on its platforms

Meta, the company formerly known as Facebook, has announced that it has taken legal action against hackers that used phishing attacks in an attempt to trick Facebook, WhatsApp, and Instagram users into sharing their login details.

The tech giant has filed a federal lawsuit in the state of California which aims to “seek records to uncover the identities” of the threat actors taking part in the phishing campaign, which involved the creation of more than 39,000 fake Meta-owned websites since 2019.

The fake websites prompted people to enter their usernames and passwords, allowing the hackers to access and take control of the accounts.

The hackers are also accused of using relay service Ngrok to redirect internet traffic from Meta’s infrastructure, as well as conceal their actions and identities.

In a statement, Meta’s director of Platform Enforcement and Litigation, Jessica Romero, announced that the lawsuit is “one more step” in the company’s “ongoing efforts to protect people’s safety and privacy, send a clear message to those trying to abuse our platform, and increase accountability of those who abuse technology”.

“We will also continue to collaborate with online hosting and service providers to identify and disrupt phishing attacks as they occur. We proactively block and report instances of abuse to the hosting and security community, domain name registrars, privacy/proxy services, and others. And Meta blocks and shares phishing URLs so other platforms can also block them,” she said.

Related Resource

Bridging the DevSecOps divide: Spotlight on zero trust

Security at the forefront

Whitepaper title on a white page with a green trapezoid across the coverFree download

Meta stated that, since March 2021, “when the volume of these attacks increased”, the company managed to “suspend thousands of URLs to the phishing websites”. 

With the newly-filed lawsuit, it’s now seeking to recover “the greater of their actual damages” or $500,000 (£377,472.50).

The news comes weeks after Google launched legal action against a group of Russian hackers in what it claimed was the world’s first lawsuit against a blockchain-enabled botnet. The document only names two Russian nationals whose identities are known – Dmitry Starovikov and Alexander Filippov – but also includes 15 anonymous accomplices who are all believed to be based in Russia.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Russia's "politically motivated" REvil raid could be used as leverage, experts warn
ransomware

Russia's "politically motivated" REvil raid could be used as leverage, experts warn

17 Jan 2022
Five things to consider before choosing an MFA solution
Security

Five things to consider before choosing an MFA solution

17 Dec 2021
Australia and US sign CLOUD Act data-sharing deal to support criminal investigations
cyber crime

Australia and US sign CLOUD Act data-sharing deal to support criminal investigations

16 Dec 2021
UK unveils £2.6 billion National Cyber Strategy
Policy & legislation

UK unveils £2.6 billion National Cyber Strategy

15 Dec 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022