Professional social networking site LinkedIn has filed a lawsuit against unnamed parties after discovering that bots were used to scrape data from the profiles of hundreds of thousands of users.
According to the lawsuit, which was filed in federal district court in Northern California on Monday, various automated software programs registered thousands of fake LinkedIn member accounts to extract and copy data from legitimate member profile pages since May 2013. Scraping is prohibited by LinkedIn's user agreement, the company said, and claims that it breaks state and federal computer security laws, as well as federal copyright law.
"The Doe Defendants' unlawful conduct threatens the LinkedIn platform in several ways. It undermines the integrity and effectiveness of LinkedIn's professional network by polluting it with thousands of fake member profiles," the company said in the complaint. "Moreover, by pilfering data from the LinkedIn site, the Doe Defendants threaten to degrade the value of LinkedIn's recruiter product, in which LinkedIn has invested substantially over the years."
[Are you guilty of these? Read 5 LinkedIn Habits To Break In 2014.]
LinkedIn Recruiter is a service that lets recruiters and headhunters search for candidates from the company's database of 259 million users. More than 16,000 clients and companies pay to use LinkedIn Recruiter, which it says is one of its fastest growing services.
LinkedIn traced the abusive accounts to an Amazon Web Services account, and is asking the company to hand over the names of the account owners.
LinkedIn believes that whoever is responsible for the scheme was aware of the measures LinkedIn had in place to limit the volume of activity for each individual account, which is why thousands of fake accounts were created. LinkedIn has since disabled the fake member profiles and said it has added additional safeguards to protect against unauthorized access to the site.
It's not clear from the filing what the defendants planned to do with the scraped information. Hani Durzy, LinkedIn director of corporate communications, said in a statement: "We're a members-first organization and we feel we have a responsibility to protect the control that our members have over the information they put on LinkedIn."
Gant Redmon, general counsel for Co3Systems, said in an interview that filing a complaint against unnamed parties isn't necessarily uncommon. "The John Doe process means you can show that you have a claim and ask for immediate relief," he said. "By the time you find out who it is, you have a court-ordered club to hit them with."
The real battle, Redmon said, will be waged in LinkedIn's engineering department rather than legal. "Corporations are, by and large, left on their own to defend against bad actors in the IT space, so LinkedIn will be spending a lot of time figuring out how to block these people and how to prevent copycats."
LinkedIn isn't the only social network to battle fake accounts. In Twitter's IPO filing, the company listed spam as a risk factor that could hurt its reputation for "delivering relevant content or reduce user growth and user engagement and result in continuing operational cost to us." Twitter estimated that fake accounts make up less than 5% of its monthly active users, though it said it was difficult to say for sure.
In September, Facebook was awarded $3 million in damages after Power Ventures and its CEO were found liable under the Can-Spam Act for sending more than 60,000 spam email messages to Facebook members. The company created a software program to access Facebook's website, scraped user information from it, and changed its own IP address to bypass Facebook's technical barriers, the ruling said.
Can the trendy tech strategy of DevOps really bring peace between developers and IT operations -- and deliver faster, more reliable app creation and delivery? Also in the DevOps Challenge issue of InformationWeek: Execs charting digital business strategies can't afford to take Internet connectivity for granted.