News of the exposure first came out last November when Facebook and Twitter verified the findings of independent security researchers. At the time, Facebook said OneAudience and another SDK developer called Mobiburn obtained information like people's names, emails and gender. Facebook went on to notify 9.5 million users that their data had potentially been compromised.

In the aftermath of the disclosure, Facebook says it sent OneAudience a cease-and-desist letter and asked it to take part in an audit. The company claims OneAudience "declined to cooperate."

"Through these lawsuits, we will continue sending a message to people trying to abuse our services that Facebook is serious about enforcing our policies, including requiring developers to cooperate with us during an investigation, and advance the state of the law when it comes to data misuse and privacy," the company said. We've reached out to the company for additional information on the suit, and we'll update this article when we hear back.

Facebook has been cracking down on data abuse over the past couple of years. For instance, last year it sued a Hong Kong company for tricking people into clicking on bogus links as a way to hijack their accounts.