According to the lawsuit, OneAudience improperly accessed and collected user data from Facebook and other social media companies by paying App developers to install a malicious Software Development Kit (SDK) in their apps.
“After a user installed one of these apps on their device, the malicious SDK enabled OneAudience to collect information about the user from their device and their Facebook, Google, or Twitter accounts, in instances where the user logged into the app using those accounts,” read the lawsuit.
Security researchers first flagged OneAudience’s behaviour to Facebook as part of its data abuse bounty programme.
Facebook, and other affected companies, then took enforcement measures against OneAudience.
“Facebook’s measures included disabling apps, sending the company a cease and desist letter, and requesting their participation in an audit, as required by our policies. OneAudience declined to cooperate,” said Jessica Romero, Director of Platform Enforcement and Litigation.
“This is the latest in our efforts to protect people and increase accountability of those who abuse the technology industry and users,” she added.
In November last year, Facebook and Twitter admitted that data of hundreds of users was improperly accessed by some third-party apps on Google Play Store as they logged into those apps.
Security researchers discovered that the One Audience and Mobiburn software development kits (SDK) provided access to users’ data, including email addresses, usernames, and recent tweets, on both the platforms.
Twitter and Facebook said they will notify those whose information was likely shared through apps.
Facebook has sued several third-party platforms in the recent past for scrapping users’ data, including Israeli surveillance vendor NSO Group that sells malicious software Pegasus to government agencies.
“Through these lawsuits, we will continue sending a message to people trying to abuse our services that Facebook is serious about enforcing our policies, including requiring developers to cooperate with us during an investigation, and advance the state of the law when it comes to data misuse and privacy,” said the company.