Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Facebook Sues Makers Of Malicious Chrome Extensions For Scraping Data

Facebook Sues Makers Of Malicious Chrome Extensions For Scraping Data

Facebook has taken legal action against the makers of malicious Chrome extensions used for scraping user-profiles and other information from Facebook’s website and from users’ systems without authorization.

The two defendants developed and distributed the malicious browser extensions through the Chrome Web Store working under the “Oink and Stuff” business name.

“They misled users into installing the extensions with a privacy policy that claimed they did not collect any personal information,” Jessica Romero, Director of Platform Enforcement and Litigation, said.

“Four of their extensions — Web for Instagram plus DMBlue MessengerEmoji keyboard, and Green Messenger — were malicious and contained hidden computer code that functioned like spyware.”

The four extensions are still available for download in Google’s Chrome Web Store and they currently have more than 54,000 users.

Also Read: What Legislation Exists in Singapore Regarding Data Protection and Security?

Facebook systems’ not compromised

After being installed on the users’ computers, these Chrome extensions also installed malicious code in the background which allowed the defendants to scrape user data from Facebook’s site.

The malicious Chrome add-ons were also used to surreptitiously collect data unrelated to Facebook from the users’ web browsers.

While the users were browsing the Facebook website, the extensions automatically scraped account information including the victims’ name, user ID, gender, relationship status, and age group among others.

Romero added that the defendants did not compromise Facebook’s security systems during their malicious activity but, instead, they only used the extensions installed on users’ devices to scrape data.

“This case is the result of our ongoing international efforts to detect and enforce against those who scrape Facebook users’ data, including those who use browser extensions to compromise people’s browsers.”

Legal action against platform abuse

This action is part of a long series of instances where Facebook took legal action against entities attempting to abuse the company’s platform and services.

For instance, in March 2020, Facebook sued domain name registrar Namecheap and its proxy service Whoisguard “for registering domain names that aim to deceive people by pretending to be affiliated with Facebook apps” and often being used “for phishing, fraud and scams.”

In October 2019, Facebook filed another lawsuit against domain name registrar OnlineNIC and its privacy service ID Shield for allowing the registration of lookalike domains such as and

The same month, Facebook also sued Israeli cyber-surveillance firm NSO Group and its parent company Q Cyber Technologies for creating and selling a WhatsApp zero-day exploit.

Also Read: Letter of Consent MOM: Getting the Details Right

The exploit was used in May 2019 to exploit the platform’s video calling system to deploy malware as part of an attack targeting over 100 high-profile targets including journalists, human rights defenders, and government officials.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us