Facebook is suing two developers and a Spanish company it alleges sold software that delivered fake likes and comments on Instagram, and unlawfully scraped user data from Facebook.
Facebook filed separate lawsuits in Spain and California today against Mohammad Zaghar, a Moroccan developer, and Marcos Gómez Platón, a Spanish developer, and his company MGP25 Cyberint Services.
“The defendants in the European lawsuit operated a Spain-based fake engagement service, and the defendant in the US lawsuit operated a data scraping service with ties to California,” wrote Jessica Romero, Facebook’s director of platform enforcement and litigation, in a blog post.
The suits are the latest examples of a legal and anti-regulation strategy from the platform that has seen it file 13 lawsuits since early 2019 against companies and individuals it alleges were involved in ad fraud, sold fake engagement, cybersquatted, and abused user data.
The suits help Facebook signal it’s “being a responsible actor, so that it undercuts the case for regulating it,” Cary Coglianese, director of the Penn Program on Regulation and a professor of law and political science at the University of Pennsylvania, previously told BuzzFeed News.
Facebook said Zaghar and Platón continued with their activities after being sent cease-and-desist letters.
Platón, who goes by MGP25 online, attracted media coverage in January when Instagram filed a Digital Millennium Copyright Act takedown request that caused GitHub to remove the code for one of his projects, “Instagram-API.” A Facebook spokesperson said that service was one of the product offerings targeted in the lawsuit.
“The defendant’s service was designed to evade Instagram’s restrictions against fake engagement by mimicking the Instagram official app in the way that it connected to our systems,” Romero wrote.
Platón’s website and LinkedIn profile identify him as a telecommunications engineer.
In an email, Platón denied selling engagement on Instagram.
“My company doesn’t sell likes, my company is a security consultant for penetration testing and reverse engineering, so I think they are getting confused,” he told BuzzFeed News.
A contract that appears to be between MGP25 Cyberint Services and a Russian company, and that was uploaded to an online documents site in March, makes reference to “Instagram API Services” and says MGP25 would be paid 1,000 Euros per month for it. Platón declined to comment on the contract.
In a separate suit, Facebook alleged Zaghar operated a service, Massroot8, that scraped user data. The Massroot8 site offers a range of tools, including the ability to extract contact information, such as emails, from Facebook accounts, and to send bulk messages via Messenger.
Facebook’s complaint alleges Zaghar previously ran sites such as fast-autolikers.com that offered the same data scraping. Facebook’s complaint alleges he shut down that and another site after being sent a cease-and-desist letter in July of 2018, and shifted his activity to Massroot8 just a few months later.
BuzzFeed News used domain records and web analytics and advertising IDs to connect Zaghar to other sites such as insta-stalker.co, which offers the ability to search Instagram, as well as to a now-defunct music lyrics website. He also owns paypal-account-confirmation.info, which Domain Tools, a security threat analysis platform, lists as a malicious domain.
That domain’s registration records lists an address in Morocco that also has the same home address shown in a video from the TheMrZaghar YouTube account, which Facebook attributed to him in its filing. In one video, and in corresponding social media accounts, Zaghar appears to be a man in his early to mid-twenties.
He did not immediately respond to a request for comment.