Today, we’ve filed separate actions in federal court against a company and an individual for scraping data from Facebook and Instagram.
Octopus: Scraping For Hire
The first action is against a company called Octopus, a US subsidiary of a Chinese national high-tech enterprise that claims to have over one million customers. Octopus offers scraping services and access to software that customers can use to scrape any website. For a fee, Octopus customers can launch scraping attacks from its cloud-based platform or hire Octopus to scrape websites directly. Octopus offers to scrape data from Amazon, eBay, Twitter, Yelp, Google, Target, Walmart, Indeed, LinkedIn, Facebook and Instagram.
After paying for access to the scraping software, customers self-compromised their Facebook and Instagram accounts by providing their authentication information to Octopus. Octopus designed the software to scrape data accessible to the user when logged into their accounts, including data about their Facebook Friends such as email address, phone number, gender and date of birth, as well as Instagram followers and engagement information such as name, user profile URL, location and number of likes and comments per post.
Meta is an industry leader in taking legal action to protect people from scraping and exposing these types of services, which provide scraping as a service across multiple websites. Companies like Octopus are part of an emerging scraping industry that provides automation services to any customer — regardless of who they target and for what purpose they scrape. This industry makes scraping available to individuals and companies that otherwise would not have the capabilities.
Our lawsuit alleges that Octopus has violated our Terms of Service and the Digital Millennium Copyright Act, by engaging in unauthorized and automated scraping and attempting to conceal their scraping and avoid being detected and blocked from Facebook and Instagram. We are seeking a permanent injunction against Octopus. Protecting people against scraping for hire services, operating across many platforms and national boundaries, also requires a collective effort from platforms, policymakers and civil society and is needed to deter the abuse of these capabilities both among those who sell them and those who buy them.
Mystalk: Targeting Clone Sites
We have also filed an action against a Turkish-based individual, Defendant Ekrem Ateş, for using automated Instagram accounts to scrape data from the profiles of over 350,000 Instagram users. These profiles were viewable to logged-in Instagram users. The Defendant published the scraped data on his own websites or “clone sites.” A clone site is a website that copies and displays Instagram profiles, posts and other information without authorization. Our External Data Misuse team has provided an overview of how we work to safeguard people against clone sites.
Since February 2021, we have taken a number of enforcement actions against this Defendant, including disabling accounts, sending a cease and desist letter, and revoking his access to Meta’s services.