Facebook wants to take down sites like "HackingFacebook.net" and "iiinstagram.com," which allegedly offer hacking tools against the social networking giant. But it's doing so by filing a copyright lawsuit and targeting the two domain hosts where the websites are registered.
The company filed its lawsuit on Monday in the US District Court of the Northern District of California. It accuses web hosts OnlineNIC and ID Shield of trademark infringement and cybersquatting.
The two companies have been hosting websites like "HackingFacebook.net," which offers tools for phishing and hacking Facebook accounts, according to the lawsuit. In court documents, Facebook said it sent multiple takedown requests to the two defendants, arguing that these websites are infringing on the company's trademarks.
It's the latest instance of a big company going after websites designed to phish its users. In March, Microsoft announced that it took down 99 websites controlled by Iranian hackers, which were also designed to phish victims. In that case, Microsoft also took down the websites by using a lawsuit and claiming cybersquatting concerns. Phishing attacks are common and can be if the hackers have URLs that look close to the real name and design trap websites to look exactly like the original.
"People count on us to protect the integrity of our apps and services," a Facebook spokesperson said in a statement. "We don't tolerate people creating web addresses that pretend to be associated with our family of apps. Today's lawsuit shows we will take action against those behind this abuse."
OnlineNIC and ID Shield didn't respond to requests for comment.
In the lawsuit, Facebook listed at least 20 websites using the company's names and images on websites hosted by Online NIC and ID Shield, many of which were allegedly for illicit activities on Facebook and Instagram. The domain names include: "HackSomeonesFacebook.com," as well as "BuyInstagramFans.com."
The website also hosted URLs designed to look like official Facebook and Instagram URLs, allegedly intended to trick visitors into accidentally giving up their passwords in a phishing attack. One of the websites has the URL "m-facebook-login.com" and was apparently designed to look exactly like Facebook's login page.
According to court records, Facebook said the two hosts ignored multiple takedown requests from the tech giant. Facebook said it sent at least five notices to ID Shield to disclose the owners behind websites like "facebook-login.com."
Facebook is requesting a $100,000 payment for damages for each domain name, totaling to at least $2 million.
Originally published Oct. 28, 2:43 p.m. PT.
Updated, 3:06 p.m. PT: Adds more details from the lawsuit.