Facebook on Thursday sued a Hong Kong company that allegedly duped web users into installing malware that not only took over people's Facebook accounts, but then served ads from those accounts.
When the malware victims had Facebook ad accounts, those accounts were charged for the ads, Facebook alleges in a complaint brought in U.S. District Court for the Northern District of California. The lawsuit names the company ILikeAd Media, along with Chinese residents Chen Xiao Cong and Huang Tao, as defendants.
Facebook's claims include allegations that ILikeAd violated the Computer Fraud and Abuse Act, an anti-hacking law that prohibits companies from exceeding their authorized access to computers.
Facebook said in a blog post Thursday it has already issued refunds to people whose accounts were used to run the ads. The scheme allegedly began in 2016 and affected “hundreds of thousands” of users.
The ads themselves, some of which featured celebrities, also allegedly violated Facebook's ad policies. ILikeAd was able to circumvent Facebook's filters by displaying different landing pages to Facebook than to users, the social networking company alleges.
The ads' actual landing pages were “associated with counterfeit goods, male enhancement supplements, and diet pills,” in violation of Facebook's ad policies, according to the complaint.
This lawsuit is one of several cases Facebook has brought this year against companies that allegedly violated the company's policies. In May, Facebook sued South Korean app developer Rankwave for allegedly misusing data about users.
And in August, the company sued Singapore-based JediMobi and Hong Kong-based LionMobi for allegedly distributing ad-fraud software via mobile apps.