Back in November, Facebook and Twitter reported about a security breach that allowed third-party analytics services to steal user data through third-party apps, without the user’s permission.
The breach was possible through malicious software development kits (SDKs) used by third-party apps, allowing the analytics firms to get users’ personal data without their permission.
At the time, both Facebook and Twitter took immediate actions against the developers of the malicious SDKs OneAudience and Mobiburn. The companies were paying app developers to use malicious SDKs on their apps. This week, Facebook announced that the company is suing OneAudience after the analytics firm refused to cooperate with Facebook as part of a security audit.
“Through these lawsuits, we will continue sending a message to people trying to abuse our services that Facebook is serious about enforcing our policies, including requiring developers to cooperate with us during an investigation, and advance the state of the law when it comes to data misuse and privacy,” said the company.
Facebook said the company disabled apps affected by the malicious SDKs immediately, and it also sent a cease and desist letter to OneAudience. The company then requested OneAudience to take part in an audit, which OneAudience had refused.