Press release by: Jessica Romero, Facebook director of Platform Enforcement and Litigation

Facebook has filed separate lawsuits in the UK and the US. This is the first time Facebook is pursuing a lawsuit against an app developer in the UK as well as seeking an audit and an injunction to reinforce our ban against the developer’s use of our platform. 

Specifically, Facebook Inc. and Facebook Ireland sued MobiBurn, OakSmart Technologies and its founder Fatih Haltas in the High Court of Justice for failing to fully comply with our audit request after MobiBurn collected user data from Facebook and other social media companies by paying app developers to install a malicious Software Development Kit (SDK) in their apps. 

When people installed those apps on their devices, MobiBurn collected information from the devices and requested data from Facebook, including the person’s name, time zone, email address and gender. MobiBurn did not compromise Facebook, instead they used the malicious SDK on the users’ devices to collect information.

Security researchers first flagged MobiBurn’s behavior to us as part of our data abuse bounty program. We then took enforcement action, including disabling apps, sending a cease and desist letter, and requesting MobiBurn’s participation in an audit, as required by our policies. MobiBurn failed to fully cooperate.

In a separate case, Facebook Inc. and Instagram LLC sued Nikolay Holper in federal court in San Francisco for operating a fake engagement service known as Nakrutka. Holper used a network of bots and automation software to distribute fake likes, comments, views and followers on Instagram. He used different websites to sell fake engagement services to Instagram users. We previously disabled accounts associated with Holper and his service, formally warned him that he was in violation of our Terms, and sent a cease and desist letter.