Meta files lawsuit against phishing scam operators stealing user login credentials

Meta Platforms (previously Facebook) filed a lawsuit on Monday in a federal district court in California against unknown defendants operating more than 39,000 websites that impersonate the login pages of Meta’s services, such as Facebook, Messenger and WhatsApp, to deceive users and steal their login credentials.

In its filings, Meta claims that since 2019 the bad actors have used free services of the cloud company Ngrok, Inc. to repeatedly relay internet traffic to their phishing websites while concealing their identities and the locations of those websites. They allegedly misrepresented themselves as Meta’s services and induced users to provide account credentials. According to Meta, this damaged the company’s brand and reputation and harmed its users.

Meta also stated that the defendants are liable for breach of contract, since the collection, trafficking and use of stolen login credentials for fraudulent access to the company’s services violate its Terms of Service and Terms of Use.

Meta’s director of platform enforcement and litigation, Jessica Romero, wrote in a statement:

“We will also continue to collaborate with online hosting and service providers to identify and disrupt phishing attacks as they occur. We proactively block and report instances of abuse to the hosting and security community, domain name registrars, privacy/proxy services, and others. And Meta blocks and shares phishing URLs so other platforms can also block them.”

The tech giant seeks damages under the Anti-Phishing Act and the California Business & Professions Code. It also seeks damages and injunctive relief under 15 U.S.C. § 1114(1) for trademark infringement.

Meta previously sued domain name registrar Namecheap for registering domain names that deceive people by purporting to be affiliated with its services. This is the first lawsuit against phishing site operators involved in the same scheme, such as using Ngrok to temporarily host phishing websites.