Meta Platforms announced on Monday that it has filed a federal lawsuit in California against the hackers who were behind the recent Facebook, WhatsApp, and Instagram phishing attacks. The hackers operated over 39,000 phishing websites that impersonated the company’s digital properties in order to trick users into giving out their login credentials.
Meta said the phishing attacks involved the creation of rogue web pages that posed as the login pages for Facebook, Messenger, Instagram, and WhatsApp, respectively. From there, the victims were encouraged to enter their usernames and passwords, which were then stolen by the hackers. Meta is also seeking $500,000 from the alleged hackers.
The attacks were executed using a relay service known as Ngrok, the announcement said. This service redirected internet traffic to the phishing websites in a way that hid the true location of the counterfeit web infrastructure. Meta said that the number of phishing attacks increased since March and that it worked with Ngrok in order to suspend thousands of URLs to the phishing websites.
“This lawsuit is one more step in our ongoing efforts to protect people’s safety and privacy, send a clear message to those trying to abuse our platform, and increase accountability of those who abuse technology,” Jessica Romero, Meta’s director of platform enforcement and litigation, said in the statement.
The lawsuit comes a few days after Meta announced that it took steps to disrupt the activities of over 7 surveillance-for-hire groups that created over 1,500 fake accounts on both Facebook and Instagram. These fake accounts targeted a total of 50,000 users on these platforms in over 100 countries. In November, Meta also said that it banned 4 malicious cyber groups for going after journalists, humanitarian organizations, and anti-regime military forces in both Afghanistan and Syria.