Facebook has filed lawsuits today in both the US and the UK against MobiBurn, a UK software company that provided advertising tools for mobile app developers.
In particular, MobiBurn provided an advertising software development kit (SDK) that allowed app developers to embed ads inside their applications and monetize user behavior.
But in a lawsuit filed today, Facebook claims the SDK contained malicious code that illegally collected the personal data of Facebook users.
Facebook said the data was collected when users installed any mobile app that contained the MobiBurn advertising SDK. When this happened, the code would activate and collect a person's name, time zone, email address, and gender.
"Security researchers first flagged MobiBurn's behavior to us as part of our data abuse bounty program," said Jessica Romero, Facebook's Director of Platform Enforcement and Litigation.
MobiBurn declined to participate in an audit
However, while Facebook was handling this report internally, these findings also made it into the press in November 2019, when CNBC run an article detailing MobiBurn's practices.
The same article also accused OneAudience, another company that provided an advertising SDK, for engaging in similar practices.
A day after the CNBC report, both SDK makers posted messages on their websites claiming they only provided the tools but were not involved in the data collection, shifting blame to the mobile app developers who abused their SDKs.
Both companies also discontinued their respective SDKs.
However, at the time, as part of its internal investigation, Facebook also wanted both SDK makers to cooperate and submit to an audit, so Facebook could confirm their statements and make sure the companies deleted any Facebook user data they had illegally obtained.
Both companies declined to cooperate. Facebook sued OneAudience in February, and, today, the social network is following through with its lawsuit against MobiBurn.
While initially MobiBurn did not return a request for comment, the company provided a subsequent statement after this article went live.
Second lawsuit also filed today
But Facebook also sued a second company today. The social network also sued Nikolay Holper for operating Nakrutka, a website that sold Instagram likes, comments, and followers.
Facebook said that Holper operated a network of Instagram bot accounts, which he advertised through the Nakrutka website.
Before filing today's lawsuit, Facebook said it tried several other methods to dissuade Holper from continuing running the site, such as sending a formal warning, cease and desist letters, and by disabling Holper and Nakrutka's accounts on Instagram.