Software // Social
News
1/8/2014
01:50 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%
Repost This

LinkedIn Sues After Scraping Of User Data

LinkedIn wants Amazon to turn over names of people it says registered fake LinkedIn accounts to extract users' data.

7 Facebook Wishes For 2014
7 Facebook Wishes For 2014
(Cick image for larger view and slideshow.)

Professional social networking site LinkedIn has filed a lawsuit against unnamed parties after discovering that bots were used to scrape data from the profiles of hundreds of thousands of users.

According to the lawsuit, which was filed in federal district court in Northern California on Monday, various automated software programs registered thousands of fake LinkedIn member accounts to extract and copy data from legitimate member profile pages since May 2013. Scraping is prohibited by LinkedIn's user agreement, the company said, and claims that it breaks state and federal computer security laws, as well as federal copyright law.

"The Doe Defendants' unlawful conduct threatens the LinkedIn platform in several ways. It undermines the integrity and effectiveness of LinkedIn's professional network by polluting it with thousands of fake member profiles," the company said in the complaint. "Moreover, by pilfering data from the LinkedIn site, the Doe Defendants threaten to degrade the value of LinkedIn's recruiter product, in which LinkedIn has invested substantially over the years."

[Are you guilty of these? Read 5 LinkedIn Habits To Break In 2014.]

LinkedIn Recruiter is a service that lets recruiters and headhunters search for candidates from the company's database of 259 million users. More than 16,000 clients and companies pay to use LinkedIn Recruiter, which it says is one of its fastest growing services.

LinkedIn traced the abusive accounts to an Amazon Web Services account, and is asking the company to hand over the names of the account owners.

LinkedIn believes that whoever is responsible for the scheme was aware of the measures LinkedIn had in place to limit the volume of activity for each individual account, which is why thousands of fake accounts were created. LinkedIn has since disabled the fake member profiles and said it has added additional safeguards to protect against unauthorized access to the site.

It's not clear from the filing what the defendants planned to do with the scraped information. Hani Durzy, LinkedIn director of corporate communications, said in a statement: "We're a members-first organization and we feel we have a responsibility to protect the control that our members have over the information they put on LinkedIn."

Gant Redmon, general counsel for Co3Systems, said in an interview that filing a complaint against unnamed parties isn't necessarily uncommon. "The John Doe process means you can show that you have a claim and ask for immediate relief," he said. "By the time you find out who it is, you have a court-ordered club to hit them with."

The real battle, Redmon said, will be waged in LinkedIn's engineering department rather than legal. "Corporations are, by and large, left on their own to defend against bad actors in the IT space, so LinkedIn will be spending a lot of time figuring out how to block these people and how to prevent copycats."

LinkedIn isn't the only social network to battle fake accounts. In Twitter's IPO filing, the company listed spam as a risk factor that could hurt its reputation for "delivering relevant content or reduce user growth and user engagement and result in continuing operational cost to us." Twitter estimated that fake accounts make up less than 5% of its monthly active users, though it said it was difficult to say for sure.

In September, Facebook was awarded $3 million in damages after Power Ventures and its CEO were found liable under the Can-Spam Act for sending more than 60,000 spam email messages to Facebook members. The company created a software program to access Facebook's website, scraped user information from it, and changed its own IP address to bypass Facebook's technical barriers, the ruling said.

Senior editor Kristin Burnham covers social media, social business, and IT leadership and careers for InformationWeek.com. Contact her at Kristin.Burnham@ubm.com or follow her on Twitter: @kmburnham.

Can the trendy tech strategy of DevOps really bring peace between developers and IT operations -- and deliver faster, more reliable app creation and delivery? Also in the DevOps Challenge issue of InformationWeek: Execs charting digital business strategies can't afford to take Internet connectivity for granted.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Laurianne
50%
50%
Laurianne,
User Rank: Author
1/9/2014 | 2:30:38 PM
Tough on users
This puts LinkedIn users in a hard spot. Unlike Facebook, a LinkedIn account really isn't optional in many recruiting/HR pros' minds.
imoyse
50%
50%
imoyse,
User Rank: Apprentice
1/9/2014 | 1:37:33 PM
Ways to protect
This will be a continuing issue with all social media sites - easy to fix get each user to validate with something more personal such as a unique and valid credit card that wont be charged and gets deleted after validation. Hence the attackers could do it with stolen details, but adds another layer of effort to them and validating a name on a card or bank details such as paypal does would eliminate this. You could then mark those accounts as a validated account and others as unvalidated.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
1/8/2014 | 5:00:24 PM
Re: They didn't block Amazon?
I wonder what would happen to AWS if there were a cloud computing equivalent of the banking industry's know-your-customer rule (anti-money laundering), designed to prevent abuse?
anon8235765820
50%
50%
anon8235765820,
User Rank: Apprentice
1/8/2014 | 3:05:22 PM
They didn't block Amazon?
I'm really surprised.  Like myself, most webmasters I know block Amazon IP addresses.  Amazon is the Web's leading source of bad actors (worse than Russia and China put together). 

 
Social is a Business Imperative
Social is a Business Imperative
The use of social media for a host of business purposes is rising. Indeed, social is quickly moving from cutting edge to business basic. Organizations that have so far ignored social - either because they thought it was a passing fad or just didnít have the resources to properly evaluate potential use cases and products - must start giving it serious consideration.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government, May 2014
NIST's cyber-security framework gives critical-infrastructure operators a new tool to assess readiness. But will operators put this voluntary framework to work?
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.