2 Comments

Summary:

LinkedIn says unknown people have been creating a wave of fake profiles in order to scrape the profiles of hundreds of thousands of users, and offer a competing recruiting product. Here’s the complaint and some details.

Battle Of The Bots: iRobot Sues Rivals

Professional network LinkedIn is fighting off shady competitors that are using bots to vacuum up hundreds of thousands of its user profiles in order to compete with LinkedIn’s own recruiter products, according to a new lawsuit.

In a complaint filed this week in San Francisco, LinkedIn asked a court to grant orders that will allow it to stop a group of “John Does” from scraping its servers, and to make the unknown defendants pay for allegedly breaching federal and state hacking statutes as well as a variety of other laws.

LinkedIn explained that since May of 2013, unknown people have been deploying a wave of bots that create thousands of fake profiles in order to interact with real LinkedIn users and siphon their user profiles. As the complaint (embedded below) states:

Registering so many unique new accounts allowed the Doe Defendants to view hundreds of thousands of member profiles per day … [and] have engaged in their scraping activities in an attempt to establish competing recruiting websites and usurp LinkedIn’s recruiter product.

In response to the wave of bots, LinkedIn said in the complaint that it has had to expend considerable energy shutting down the fake profiles. It also said the bots have cost it computing resources and threaten the company’s integrity.

In order to identify the creator of the bots, LinkedIn said it will issue discovery orders to Amazon Web Services, which the defendants are using to create and store information related to the fake profiles.

It’s unclear which companies or sites have been using LinkedIn’s user profiles, or if the data scraping presents any risk to the company’s users.

Update: LinkedIn sent the following statement by email: “We’re a members-first organization and we feel we have a responsibility to protect the control that our members have over the information they put on LinkedIn.”

A Google search for “LinkedIn and bots” turns up a number of web sites such as Black Hat World where users compare techniques for creating fake LinkedIn users and avoiding detection.

It’s not immediately clear if LinkedIn has a clear-cut legal case since it is not necessarily illegal to copy information from a website. In its complaint, the company is relying on its own terms of services that forbid scraping as well as the Computer Fraud and Abuse Act and the the Digital Millenium Copyright Act.

In the meantime, LinkedIn users may wish to be wary about which invitations to connect they accept.

Here’s a copy of the complaint, which was tweeted by lawyer Mark H. Jaffe (I’ve underlined some of the relevant parts)

This story was updated at 6pmET to include LinkedIn’s statement.

LinkedIn v John Does (Bots Case) by jeff_roberts881

You’re subscribed! If you like, you can update your settings

  1. Social sites can’t complain about users siphoning off their members’ data. That’s what the social sites are doing in the first place.

  2. Ian Moyse ☁☁ Thursday, January 9, 2014

    This will be a continuing issue with all social media sites – easy to fix get each user to validate with something more personal such as a unique and valid credit card that wont be charged and gets deleted after validation. Hence the attackers could do it with stolen details, but adds another layer of effort to them and validating a name on a card or bank details such as paypal does would eliminate this. You could then mark those accounts as a validated account and others as unvalidated.

    Ian Moyse

Comments have been disabled for this post