51 Comments

Summary:

A start-up that sells $799 subscriptions to recruiters is stocking its database with profiles that it obtained from LinkedIn by using an army of bots.

linkedin

In January, LinkedIn filed a lawsuit that accused unnamed “John Does” of creating fake profiles in order to “connect” with real LinkedIn users and siphon their professional profiles. Now, the company has identified who is controlling the bots and, unsurprisingly, it turns out to be a would-be competitor.

In an amended complaint filed last week in San Francisco, LinkedIn named a start-up called HiringSolved as well as its founder Shon Burton, who was recently profiled in the career advice section of Business Insider.

LinkedIn said it identified Burton by collecting the IP addresses associated with the bots tied to the fake profiles. LinkedIn then traced those IP addresses to a “well-known cloud computing platform,” whose billing records tied them to Burton’s residence in San Francisco.

LinkedIn is now seeking damages and an injunction against Burton and HiringSolved, which reportedly charges subscribers $199 to $799 to access its data. LinkedIn claims the use of bots to scrape its site amounts to a breach of contract, and a violation of copyright and hacking laws. The company’s complaint also describes how Burton’s bots circumvented a variety of measures intended to prevent profile scraping.

Burton, however, denied that he is doing anything wrong.

“I can say that we do not believe we have done anything illegal. HiringSolved is in a new class of business tools called “People Aggregators” and it is considered to be one of the best in class,” said Burton in an email.

Burton’s assurances may not do much to assuage LinkedIn users whose entire profiles appear on the HiringSolved platform, where users can’t edit them.

Meanwhile, HiringSolved isn’t the only company attempting to exploit LinkedIn data. This week, the company sent a cease-and-desist to a shadowy company called Sell Hack, which offers a plug-in that reveals every LinkedIn user’s real email address via a “Hack In” button (Update: Sell Hack stated on Monday it has disabled the button).

LinkedIn provided the following statement: “As a members-first organization, we provide our members with control over the information that they make available to others on LinkedIn.  When anyone tries to take away this control by scraping our members’ profiles without permission, we can and will take aggressive action to stop them and hold them accountable.”

Here’s the new complaint that names Burton:

LinkedIn HiringSolved Complaint

  1. Irina Shamaeva Tuesday, April 1, 2014

    There are quite a few “people aggregators”, which is a new generation of sourcing tools for recruiters. These tools help to make sense of and search within the publicly available data across different social sites. I agree that HS is one of the best tools in this category. I am pretty sure they did nothing wrong. We’ll keep our fingers crossed that this type of help for recruiters will remain available.

    Share
    1. Surely I should have the option of either agreeing or disagreeing to my data being present on HS! Baffles me when people (Recruiters) talk like this, please remember there is a person behind the profile and they have feelings gaddamit.

      Share
      1. Rudolph, the red-nose Reindeer Thursday, April 3, 2014

        Recruiters are a disgusting breed, along with real estate agents and lawyers that look for class law suits. They have little to no respect for the individuals, their superficial/hypocritical interest in their clients getting a house, a job or justice is pure self-interest.

        As for the former 2 there is also little education/insider knowledge needed. The general need to earn money and have a roof over your head is fundamental, and if the market is “bullish” there is even more money to be made.

        If you are in need of their services and you contact them they’ll push you away as if you were some nuisance, if you are not they’ll come and bother you and refuse to leave you alone. They are like parasites. Wherever there is a potential host for them, you can find them.

        Honestly I have respect for lots of professions, particularly the ones that are menial and often performed by immigrants in so many first world countries but I cannot bring myself to respect the above mentioned.

        Share
        1. Scott Ariens Monday, April 7, 2014

          Obviously you’ve never had a relationship with a recruiter/consultant who adds value, who works to solve a hiring problem for a company and adds value to the career of an individual …. so much for sweeping generalizations or are you really that unrealistic? What’s disconcerting here is the entire ‘dark side’ of social media – the ‘people behind the curtain’ cannot be trusted 100% because they want to make money in any way they can from the ‘data’ they aggregate. Participate at your own risk but better yet BE SELECTIVE in what you share and who you share it with. Better yet, create your own database and use some of the many tools available to create/control your own private network.. and work it,

          Share
    2. And frankly I hope recruiters don’t start relying on these tools too heavily if they behave the way this one is described. As a candidate rather than a recruiter, I want to have at least *some* level of control over my information — and frankly, as a recruiter you should want that, too. As a job hunter, it’s frustrating enough to deal with the “spam blast” recruiters who send out hundreds of emails for generically-written positions based on nothing more than keyword matches; if you’re a recruiter who actually takes a few minutes to try to find the right candidates, it doesn’t help you much if you have outdated information brought to you by a scraper bot.

      Share
    3. Robyn Ann Smith Tuesday, April 8, 2014

      As the defined “source” (ie, MY profile), shouldn’t I have a say when, where, if my profile is to be used in this fashion? It’s one thing if Linked-In had informed me that HS would be using the data,,,especially if reposting the entire profile! There is a lot of PII in that profile I like to keep limited. Just because it’s “out there” doesn’t make it publically available to be used without my permission.

      Share
      1. Glenn Kristol Friday, April 11, 2014

        Are you a lawyer? Or, did you stay at a Holiday Inn Express last night?

        No. You have no say whatsoever in how facts are distributed. None. Not ever. See other posts where I quote the SCOTUS decision.

        It’s not that it’s “out there” that makes it legal to copy and publish, it’s that they are facts. And, you make BROAD assumptions when you claim that anyone is reposting an “entire profile.”

        Share
  2. Have you done a quick Google/Court search on cases of LinkedIn harvesting?

    This is exactly how they built their business.

    Share
  3. For several years people I know – and who have my email address in their contacts – have been sending me “invitations” to “join” LinkedIn … but they did not know they were sending those invitations.

    Is this any different?

    Other concerns that have done similar deeds include PCH (win some money), Tagged, ShoppyBag.

    Share
  4. Jason Webster Tuesday, April 1, 2014

    LinkedIn? The same company that bought Bright, which scraped jobs off careers pages (unbeknownst to the company) then promoted the same openings on job boards under their brand. When a user clicked they were immediately prompted to register for Bright. That was Bright’s candidate acquisition strategy. I know little about HiringSolved, but it smells of hypocrisy by LinkedIn.

    Share
    1. That’s amazing! Definitely hypocrisy, but what matters is that LinkedIn didn’t get “caught”

      Share
    2. Are you the only person who knows about this? i cant find anything related to this anywhere. Have a cite or a link?

      Share
    3. Robyn Ann Smith Tuesday, April 8, 2014

      I think it’s one thing to scrape jobs off of career sites; it’s another to scrape personally identifiable information from uses and post them on another site without the consent of the victim (Identity theft is a victimized crime).

      Share
  5. Balraj Chandra Wednesday, April 2, 2014

    Great! There is a serious need to check out for fake profiles and practice of unethical hacking practices for poaching a competition business.

    Share
    1. Sounds like you need to consult a dictionary for the definition of hacking.

      Share
      1. Danilo Angelo Thursday, April 3, 2014

        No, he does not. You do.

        Share
      2. Robyn Ann Smith Tuesday, April 8, 2014

        did you miss the adjective “ethical”?

        Share
        1. Glenn Kristol Friday, April 11, 2014

          No. I didn’t. Thanks for checking.

          If I say someone is an unethical murderer, and they say, “I am not a murderer because I’ve never killed a living thing on purpose or otherwise.” Is an appropriate response to say, “Well, you missed the part about not being ethical?”

          You either are or are not a hacker (or murderer). As you state, it’s an adjective not a noun. I can be an ethical hacker or even a melancholy hacker, but then I’m still a hacker. I can also just be ethical or melancholy and not a hacker.

          Share
  6. Is this true? April fools’ day?

    Share
  7. Jeffrey Whittaker Wednesday, April 2, 2014

    I think Bill Gates and his followers should have solved this problem by now! It makes no sense to store people’s data if it is not secure and on top of storing unsecure data you are charging people fees for storing the data unsecured! Talk about robbing Peter! The whole Silicon Valley looks like the Bad News Bears if you ask me! Safety should be the primary selling point of a software program!

    Share
    1. Robyn Ann Smith Tuesday, April 8, 2014

      Jeffrey, this isn’t a Microsoft related issue at all. For all we know, Linked-In and HS could be using Oracle for their database infrastructure. It’s not Silicon Valley, either…these are companies that weren’t even around when silicon became usable or as software became developed.

      Keep in mind that HS had to created bogus profiles under false pretenses just to see the data…it’s not insecure from a software standpoint…it’s unsecure because there are liars out there…lots and lots of them.

      Share
  8. That’s… kind of wild. For the start up they did good (800 bucks a pop and they had companies buying it). For everyone else, it was low and despicable.

    Share
  9. Creating an account to connect to someone is the practice LinkedIn specifies as its intended use. It’s in the TOS. Should any people aggregator or data company like Zoom or Jigsaw hire 1000s in Hyderabad for pennies on the dollar to create profiles or write a code to automate it? LinkedIn made the rules, and they’re crying because they’re losing wallet share. If this had anything to do with the law or privacy concerns, they would have blocked the “identifies” IPs.

    Share
    1. Rust, do you seriously think they didn’t block the IPs first? And really, that’s not a very hard thing to get around as I understand it. Do you really think they should just ignore this?

      Regarding sharing data, the difference that some of you seem to not get or be ignoring is people *giving permission* (specifically or implied by agreeing to the “terms and conditions” that basically nobody reads) to “connect to someone” and/or give out their personal info, That is key here, along with the level of data that was taken (public vs private).

      Something that people don’t seem to be getting is that if someone “steals” such info without your permission or even knowledge to give out to others, it could quickly become outdated – meaning that now they’re selling inaccurate info which could cost you job opportunities (for example, employers will see you live in Kansas and desire jobs only in Kansas…not knowing you moved to San Diego 10 months ago and are looking for jobs there now).

      True, this is hardly the same as getting your SSN illegally/etc, but I’m amazed how many people are dismissing this with a yawn.

      Share
      1. Would have to agree with you here (as a convergent technology & cyber security consultant).

        Share
        1. But also; the info shared in forums as LinkedIn should be (as I like to call) of sterile nature.

          Share
  10. As a very long time LinkedIn user, truly p*ssed to see my profile unauthorised on some other service which did not gain my permission to use same. It is a violation of my rights to have a third party steal that information and deny me the right to remove myself from their “service”. LinkedIn was authorised, but HiringSolved was certainly NOT authorised to steal my data and sell it to others. Any lawyers wanting to start a Class Action suit against Hiring Solved, I would be glad to be a plaintiff here. This is called “IdentityTheft” when you use my information without my authorisation to sell subscriptions to people to contact and/or SPAM me. Seriously, who on LinkedIn opted in for Mr. Burton’s service? No one.

    Share
    1. Johnny Appleseed Wednesday, April 2, 2014

      Nobody can “steal” publicly available non-copyright protected data. If this outrages you to the point of a lawsuit, get ready to name a TON more defendants e.g. ZoomInfo, Data.com, Jigsaw, Pipl, Spokeo, MyLife, Connect6, Connectifier, Social360, Dice OpenWeb, Full Contact, and many many many more. Including Rapportive that LinkedIn acquired!

      Share
      1. Robyn Ann Smith Tuesday, April 8, 2014

        As a user of Linked-In, Dice, and Monster, I would expect for my profile and personal identifiable information to be handled (shared) among other companies…and I would expect to be informed about it as well as disclosed how that information will be used. It isn’t copyrighted, but it IS protected. It’s one thing if HS has an agreement with LI, Dice, etc to obtain that data,,,it’s another if they are having to use bogus accounts to obtain that knowledge without my consent without even my knowledge or implied consent (no, the TOS doesn’t say “hackers may use your information freely”). Just because you rode the bus doesn’t mean people can take your wallet to stalk you later with…or use your identity.

        Share
        1. Glenn Kristol Friday, April 11, 2014

          It is not protected. You are wrong. The terms of service do not apply because they do not supercede the law. And, the use of the term hackers is so misguided, and your analogy about stealing a wallet is fundamentally deceitful. Stealing a wallet and posting work history on a website are NOT analogous. Not in anyway. At all. Ever.

          Here are facts:

          Legally, NOBODY OWNS FACTS ABOUT PEOPLE such as their names, contact information, AND WORK HISTORY. Facts are in the public domain.

          THIS WAS DECIDED BY SCOTUS in 1991 in Feist Publications, Inc. v. Rural Telephone Services, Inc.

          http://www.hrexaminer.com/who-owns-data-8-trouble-with-linkedins-lawsuit/

          Share
    2. Once you gave that information to LinkedIn, it became theirs with the responsibilities associated. It’s just not your data anymore once you hit “Save”. And, in turn, LinkedIn makes that data availabke to anyone with whom you are a “connection”.

      So, if you submitted your information to LinkedIn, then you accept a link request from someone you clearly don’t know and then they take your data and build a company with it….oops….that would be your mistake.

      Share
      1. Robyn Ann Smith Tuesday, April 8, 2014

        That’s like arguing since you rode the bus, anyone you talk to on the bus has the right to steal your identity to build their company. It’s one thing if Linked-In shared that data, it’s another if that sharing is with bogus account holders. I say chase the bogus account holders responsible.

        Share

Comments have been disabled for this post