Facebook has filed a federal lawsuit against a company called OneAudience, accusing it of stealing the personal information of its users. According to Facebook’s announcement, OneAudience paid third-party developers to install a malicious software development kit (SDK) in their apps that allowed it to collect people’s data without their knowledge.
News of the exposure first came out last November when Facebook and Twitter verified the findings of independent security researchers. At the time, Facebook said OneAudience and another SDK developer called Mobiburn obtained information like people’s names, emails and gender. Facebook went on to notify 9.5 million users that their data had potentially been compromised.
In the aftermath of the disclosure, Facebook says it sent OneAudience a cease-and-desist letter and asked it to take part in an audit. The company claims OneAudience “declined to cooperate.”
“Through these lawsuits, we will continue sending a message to people trying to abuse our services that Facebook is serious about enforcing our policies, including requiring developers to cooperate with us during an investigation, and advance the state of the law when it comes to data misuse and privacy,” the company said. We’ve reached out to the company for additional information on the suit, and we’ll update this article when we hear back.
Facebook has been cracking down on data abuse over the past couple of years. For instance, last year it sued a Hong Kong company for tricking people into clicking on bogus links as a way to hijack their accounts.