LinkedIn Sues After Scraping Of User Data - InformationWeek
Software // Social
01:50 PM
Connect Directly

LinkedIn Sues After Scraping Of User Data

LinkedIn wants Amazon to turn over names of people it says registered fake LinkedIn accounts to extract users' data.

7 Facebook Wishes For 2014
7 Facebook Wishes For 2014
(Cick image for larger view and slideshow.)

Professional social networking site LinkedIn has filed a lawsuit against unnamed parties after discovering that bots were used to scrape data from the profiles of hundreds of thousands of users.

According to the lawsuit, which was filed in federal district court in Northern California on Monday, various automated software programs registered thousands of fake LinkedIn member accounts to extract and copy data from legitimate member profile pages since May 2013. Scraping is prohibited by LinkedIn's user agreement, the company said, and claims that it breaks state and federal computer security laws, as well as federal copyright law.

"The Doe Defendants' unlawful conduct threatens the LinkedIn platform in several ways. It undermines the integrity and effectiveness of LinkedIn's professional network by polluting it with thousands of fake member profiles," the company said in the complaint. "Moreover, by pilfering data from the LinkedIn site, the Doe Defendants threaten to degrade the value of LinkedIn's recruiter product, in which LinkedIn has invested substantially over the years."

[Are you guilty of these? Read 5 LinkedIn Habits To Break In 2014.]

LinkedIn Recruiter is a service that lets recruiters and headhunters search for candidates from the company's database of 259 million users. More than 16,000 clients and companies pay to use LinkedIn Recruiter, which it says is one of its fastest growing services.

LinkedIn traced the abusive accounts to an Amazon Web Services account, and is asking the company to hand over the names of the account owners.

LinkedIn believes that whoever is responsible for the scheme was aware of the measures LinkedIn had in place to limit the volume of activity for each individual account, which is why thousands of fake accounts were created. LinkedIn has since disabled the fake member profiles and said it has added additional safeguards to protect against unauthorized access to the site.

It's not clear from the filing what the defendants planned to do with the scraped information. Hani Durzy, LinkedIn director of corporate communications, said in a statement: "We're a members-first organization and we feel we have a responsibility to protect the control that our members have over the information they put on LinkedIn."

Gant Redmon, general counsel for Co3Systems, said in an interview that filing a complaint against unnamed parties isn't necessarily uncommon. "The John Doe process means you can show that you have a claim and ask for immediate relief," he said. "By the time you find out who it is, you have a court-ordered club to hit them with."

The real battle, Redmon said, will be waged in LinkedIn's engineering department rather than legal. "Corporations are, by and large, left on their own to defend against bad actors in the IT space, so LinkedIn will be spending a lot of time figuring out how to block these people and how to prevent copycats."

LinkedIn isn't the only social network to battle fake accounts. In Twitter's IPO filing, the company listed spam as a risk factor that could hurt its reputation for "delivering relevant content or reduce user growth and user engagement and result in continuing operational cost to us." Twitter estimated that fake accounts make up less than 5% of its monthly active users, though it said it was difficult to say for sure.

In September, Facebook was awarded $3 million in damages after Power Ventures and its CEO were found liable under the Can-Spam Act for sending more than 60,000 spam email messages to Facebook members. The company created a software program to access Facebook's website, scraped user information from it, and changed its own IP address to bypass Facebook's technical barriers, the ruling said.

Senior editor Kristin Burnham covers social media, social business, and IT leadership and careers for Contact her at or follow her on Twitter: @kmburnham.

Can the trendy tech strategy of DevOps really bring peace between developers and IT operations -- and deliver faster, more reliable app creation and delivery? Also in the DevOps Challenge issue of InformationWeek: Execs charting digital business strategies can't afford to take Internet connectivity for granted.

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
User Rank: Apprentice
1/8/2014 | 3:05:22 PM
They didn't block Amazon?
I'm really surprised.  Like myself, most webmasters I know block Amazon IP addresses.  Amazon is the Web's leading source of bad actors (worse than Russia and China put together). 

Thomas Claburn
Thomas Claburn,
User Rank: Author
1/8/2014 | 5:00:24 PM
Re: They didn't block Amazon?
I wonder what would happen to AWS if there were a cloud computing equivalent of the banking industry's know-your-customer rule (anti-money laundering), designed to prevent abuse?
User Rank: Apprentice
1/9/2014 | 1:37:33 PM
Ways to protect
This will be a continuing issue with all social media sites - easy to fix get each user to validate with something more personal such as a unique and valid credit card that wont be charged and gets deleted after validation. Hence the attackers could do it with stolen details, but adds another layer of effort to them and validating a name on a card or bank details such as paypal does would eliminate this. You could then mark those accounts as a validated account and others as unvalidated.
User Rank: Author
1/9/2014 | 2:30:38 PM
Tough on users
This puts LinkedIn users in a hard spot. Unlike Facebook, a LinkedIn account really isn't optional in many recruiting/HR pros' minds.
User Rank: Apprentice
4/13/2015 | 7:26:03 AM
Re: They didn't block Amazon?
Yeah,  you can block list of IPs including amazon. But Blocking an IP Doesn't Really Block a Bot. 

There are 1000s of more such players who are scraping you every day. The best way is to opt for a preventive measure rather than going for legal suits when the content is stolen. 

You can opt for some 3rd party scraping prevention solution like ShieldSquare which does the job for you. They analyse each and every web request of your website and isolate bot traffic from the genuine users. 


How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll