LinkedIn has taken the fight to a number of unnamed individuals who allegedly scraped reams of member profiles using Amazon Web Services’ servers.
In a lawsuit revealed by the social network’s lawyers this week, LinkedIn claimed the perpetrators used bots to set up fake profiles, which took information from the site and stored it in Amazon EC2 systems. The scraping started in May 2013 and has continued to this year.
They also got around the site’s ‘Sentinel’ security, which is designed to limit successive requests from IP addresses.
Not only have the defendants broken LinkedIn terms and services, they have broken the Computer Fraud and Abuse Act and the Digital Millenium Copyright Act, according to the filing.
“The Doe Defendants’ unlawful conduct threatens the LinkedIn platform in several ways. It undermines the integrity and effectiveness of LinkedIn’s professional network by polluting it with thousands of fake member profiles,” the filing read.
“Moreover by pilfering data from the LinkedIn site, the Doe Defendants threaten to degrade the value of LinkedIn’s Recruiter Product, in which LinkedIn has invested substantially over the years.”
LinkedIn said it had experienced increased strain and disruption on its network as a result of the the data scraping operation.
The company said it had been able to quickly remove the fake profiles, and had added extra technical capabilities to prevent similar activities. Yet LinkedIn noted that if the alleged scrapers were not stopped, they threatened to cause “ongoing and irreparable harm” to the company.
LinkedIn said it expects to be able to identify the perpetrators by making a legal request to Amazon Web Services, where the virtual machines used to scrape the data resided. It also wants a jury trial and monetary compensation.
Are you a security expert? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…
View Comments
This will be a continuing issue with all social media sites - easy to fix get each user to validate with something more personal such as a unique and valid credit card that wont be charged and gets deleted after validation. Hence the attackers could do it with stolen details, but adds another layer of effort to them and validating a name on a card or bank details such as paypal does would eliminate this. You could then mark those accounts as a validated account and others as unvalidated.