Between 2017 and 2018, they enticed users to install malicious browser plugins promising horoscopes or "character and popularity" tests, apparently infecting around 63,000 Facebook users' browsers.
Other social media networking sites were also targeted by the two developers, but the company didn't name the other sites in its civil complaint.
Facebook on Friday filed a lawsuit against two notorious Ukrainians for compromising the accounts of over 60,000 users of their website. As a result, the hackers had access to the profiles and friends lists. According to court filings, the apps offered personality quizzes like "Who are you of modern vampires?"
If a user then followed through and installed the malicious browser extension, the extension would gain access to the user's Facebook page. Those hackers claimed to have information from 120 million Facebook accounts, but cybersecurity experts were dubious; if Facebook's 63,000-browser estimate is accurate, it suggests that this skepticism was warranted. That's true, but it the extension wouldn't have been able to grab data if the developers hadn't been accepted by Facebook as registered developers, permitted to use Facebook Login.
The complaint also says Sluchevsky and Gorbachov "caused Facebook to suffer irreparable reputational harm", which would tally with the scandal those private message sales caused - despite Facebook saying they weren't its fault.
It's been a roller coaster year for Facebook investors.
Facebook attempts to distance itself from fault in the suit, claiming that users "effectively compromised their own browsers" by installing the extensions.
From the implications of the lawsuit, Facebook may have allowed these hackers into their network by approving them as developers. According to Daily Beast reports last Friday, the popular social media giant accused the hackers of violating the federal and California anti-hacking laws with their shameless act.
The lawsuit accuses the pair of fraud and breach of contract and seeks monetary damages and a restraining order against the alleged hackers and their associates.
But crucially, that makes it quite different from the Cambridge Analytica scandal, which involved Facebook voluntarily giving up too much data to developers, rather than needing to be hoodwinked by a browser plug in.