LinkedIn Sues After Scraping Of User Data - InformationWeek

LinkedIn wants Amazon to turn over names of people it says registered fake LinkedIn accounts to extract users' data.

Professional social networking site LinkedIn has filed a lawsuit against unnamed parties after discovering that bots were used to scrape data from the profiles of hundreds of thousands of users.

According to the lawsuit, which was filed in federal district court in Northern California on Monday, various automated software programs have registered thousands of fake LinkedIn member accounts since May 2013 to extract and copy data from legitimate member profile pages. Scraping is prohibited by LinkedIn's user agreement, the company said, and it claims the activity breaks state and federal computer security laws, as well as federal copyright law.

"The Doe Defendants' unlawful conduct threatens the LinkedIn platform in several ways. It undermines the integrity and effectiveness of LinkedIn's professional network by polluting it with thousands of fake member profiles," the company said in the complaint. "Moreover, by pilfering data from the LinkedIn site, the Doe Defendants threaten to degrade the value of LinkedIn's recruiter product, in which LinkedIn has invested substantially over the years."

LinkedIn Recruiter is a service that lets recruiters and headhunters search for candidates from the company's database of 259 million users. More than 16,000 clients and companies pay to use LinkedIn Recruiter, which it says is one of its fastest growing services.

LinkedIn traced the abusive accounts to an Amazon Web Services account, and is asking Amazon to hand over the names of the account owners.

LinkedIn believes that whoever is responsible for the scheme was aware of the measures LinkedIn had in place to limit the volume of activity for each individual account, which is why thousands of fake accounts were created. LinkedIn has since disabled the fake member profiles and said it has added additional safeguards to protect against unauthorized access to the site.

It's not clear from the filing what the defendants planned to do with the scraped information. Hani Durzy, LinkedIn director of corporate communications, said in a statement: "We're a members-first organization and we feel we have a responsibility to protect the control that our members have over the information they put on LinkedIn."

Gant Redmon, general counsel for Co3Systems, said in an interview that filing a complaint against unnamed parties isn't necessarily uncommon. "The John Doe process means you can show that you have a claim and ask for immediate relief," he said. "By the time you find out who it is, you have a court-ordered club to hit them with."

The real battle, Redmon said, will be waged in LinkedIn's engineering department rather than legal. "Corporations are, by and large, left on their own to defend against bad actors in the IT space, so LinkedIn will be spending a lot of time figuring out how to block these people and how to prevent copycats."

LinkedIn isn't the only social network to battle fake accounts. In Twitter's IPO filing, the company listed spam as a risk factor that could hurt its reputation for "delivering relevant content or reduce user growth and user engagement and result in continuing operational cost to us." Twitter estimated that fake accounts make up less than 5% of its monthly active users, though it said it was difficult to say for sure.

In September, Facebook was awarded $3 million in damages after Power Ventures and its CEO were found liable under the Can-Spam Act for sending more than 60,000 spam email messages to Facebook members. The company created a software program to access Facebook's website, scraped user information from it, and changed its own IP address to bypass Facebook's technical barriers, the ruling said.

Senior editor Kristin Burnham covers social media, social business, and IT leadership and careers for InformationWeek. Follow her on Twitter: @kmburnham.

User Rank: Apprentice
4/13/2015 | 7:26:03 AM
Re: They didn't block Amazon?
Yeah, you can block a list of IPs, including Amazon. But blocking an IP doesn't really block a bot.

There are 1000s more such players who are scraping you every day. The best way is to opt for a preventive measure rather than going for legal suits when the content is stolen.

You can opt for some 3rd party scraping prevention solution like ShieldSquare which does the job for you. They analyse each and every web request of your website and isolate bot traffic from the genuine users. 


User Rank: Author
1/9/2014 | 2:30:38 PM
Tough on users
This puts LinkedIn users in a hard spot. Unlike Facebook, a LinkedIn account really isn't optional in many recruiting/HR pros' minds.
User Rank: Apprentice
1/9/2014 | 1:37:33 PM
Ways to protect
This will be a continuing issue with all social media sites. Easy to fix: get each user to validate with something more personal, such as a unique and valid credit card that won't be charged and gets deleted after validation. Hence the attackers could do it with stolen details, but it adds another layer of effort for them, and validating a name on a card or bank details, as PayPal does, would eliminate this. You could then mark those accounts as validated and others as unvalidated.
Thomas Claburn
User Rank: Author
1/8/2014 | 5:00:24 PM
Re: They didn't block Amazon?
I wonder what would happen to AWS if there were a cloud computing equivalent of the banking industry's know-your-customer rule (anti-money laundering), designed to prevent abuse?
User Rank: Apprentice
1/8/2014 | 3:05:22 PM
They didn't block Amazon?
I'm really surprised.  Like myself, most webmasters I know block Amazon IP addresses.  Amazon is the Web's leading source of bad actors (worse than Russia and China put together). 
