Kevin Poulsen reports:
Two Ukrainian men used online quizzes to lure more than 60,000 Facebook users into installing malicious browser extensions that exfiltrated their profile data and friends lists to offshore servers, according a federal lawsuit the company filed late Friday.
The men, Andrey Gorbachov and Gleb Sluchevsky, allegedly used the browser extensions to overlay their own advertisements onto Facebook’s news feed when their victims visited through the compromised browsers. The company doesn’t offer a motive for the data-scraping, but it may have been used to work friends’ names into the ad copy, mimicking the form of many genuine Facebook ads.
Read more on Daily Beast.