LinkedIn names company that used bots to steal profiles for competing Recruiter service

51 Comments

In January, LinkedIn(s lnkd) filed a lawsuit that accused unnamed “John Does” of creating fake profiles in order to “connect” with real LinkedIn users and siphon their professional profiles. Now, the company has identified who is controlling the bots and, unsurprisingly, it turns out to be a would-be competitor.

In an amended complaint filed last week in San Francisco, LinkedIn named a start-up called HiringSolved as well as its founder Shon Burton, who was recently profiled in the career advice section of Business Insider.

LinkedIn said it identified Burton by collecting the IP addresses associated with the bots tied to the fake profiles. LinkedIn then traced those IP addresses to a “well-known cloud computing platform,” whose billing records tied them to Burton’s residence in San Francisco.

LinkedIn is now seeking damages and an injunction against Burton and HiringSolved, which reportedly charges subscribers $199 to $799 to access its data. LinkedIn claims the use of bots to scrape its site amounts to a breach of contract, and a violation of copyright and hacking laws. The company’s complaint also describes how Burton’s bots circumvented a variety of measures intended to prevent profile scraping.

Burton, however, denied that he is doing anything wrong.

“I can say that we do not believe we have done anything illegal. HiringSolved is in a new class of business tools called “People Aggregators” and it is considered to be one of the best in class,” said Burton in an email.

Burton’s assurances may not do much to assuage LinkedIn users whose entire profiles appear on the HiringSolved platform, where users can’t edit them.

Meanwhile, HiringSolved isn’t the only company attempting to exploit LinkedIn data. This week, the company sent a cease-and-desist to a shadowy company called Sell Hack, which offers a plug-in that reveals every LinkedIn user’s real email address via a “Hack In” button (Update: Sell Hack stated on Monday it has disabled the button).

LinkedIn provided the following statement: “As a members-first organization, we provide our members with control over the information that they make available to others on LinkedIn.  When anyone tries to take away this control by scraping our members’ profiles without permission, we can and will take aggressive action to stop them and hold them accountable.”

Here’s the new complaint that names Burton:

LinkedIn HiringSolved Complaint

[protected-iframe id=”36b68abb6060390259d102729f2ffeac-14960843-34118173″ info=”//www.scribd.com/embeds/215787368/content?start_page=1&view_mode=scroll&show_recommendations=true” width=”100%” height=”600″ frameborder=”0″ scrolling=”no”]

51 Comments

David Miller

I wouldn’t say this is hacking, but it is certainly very unethical. In an age where your presence online is as important as IRL, creating fake online connections is akin to identity fraud.

Matthew Sharpe

Copyrightable, not copy-writeable – right as in rights of ownership – not write as in to write a resume. Don’t mean to be an asshole just a pet bug of mine.
Also, though it’s probably a bit of a grey area, I think you might be wrong, a curriculum vitae is copyrightable, so I would have expected the content of a linked-in profile would be too, though I guess its subject to the terms and conditions you agree to when you post it.

Glenn Kristol

I point not only to hundreds of sites that do the same thing as HS, but also a very famous US Supreme Court ruling on phone books. Feist Publications, Inc., v. Rural Telephone Service Co., 499 U.S. 340 (1991), is a decision by the Supreme Court of the United States establishing that information must have a minimum standard of creativity to be copyright protected.

So, presumably, work history that one posts is factual and generally boilerplate. Though, LinkedIn takes it to even a greater level of uniformity because the information is structured. You can apply to have your resume copyright protected; however, sites like HS normally will not “copy” your information in it’s entirety. In fact, what is truly ironic about this case is that often (and HS is not an exception) these sites link to the source of the data. And, the fact that profiles created by these aggregators is combined with many other sources of information from the open web.

People do not purchase from companies like HS for no reason. If they were merely copying LinkedIn info, then recruiters and salespeople can get that info free of charge. There are a myriad of ways to get that info because LinkedIn is practically a sinking ship since it has so many holes in it. Just Google X-Ray searching LinkedIn. Or, try using tools like Connectifier or as someone has already pointed out, try the company LinkedIn acquired (Rapportive) to see how easy it is to get LI data for free. Why would people pay $800 month or more per seat to get what they could get for free in one search? They wouldn’t in the volume that they are.

anonymous

I would disagree with you Peter. My LinkedIn profile is based on my resume. My resume content and format IS copyrighted. Additionally, there is absolutely nothing preventing you from posting a copyright notice in your LinkedIn profile to help prevent the misappropriation of the information in your profile.

LinkedIn is a privately owned web site. As such, they need your permission to have your information on their site. You give LinkedIn your implied permission by posting your information on LinkedIn. You give LinkedIn your explicit permission by agreeing to the LinkedIn Terms of Use.

An argument was raised that my information can be found on Google. This is an invalid argument for the simple fact that your information does not reside on Google itself. Google is a search engine that presents you with links to the sites where your information does reside. Hopefully, those sites are all sites, like LinkedIn, that you have given your implied and explicit permission to have your information.

With regards to hacking, http://dictionary.reference.com/ defines hacking as ” to break into (a server, website, etc.) from a remote location to steal or damage data”. Wikipedia defines a hacker as “someone who seeks and exploits weaknesses in a computer system or computer network”. This is exactly what HiringSolved did. Many other “people aggregators” operate the same way… they steal your information for their gain.

The bottom line is… the information YOU post on LinkedIn, or any place else, is YOUR information that you have given LinkedIn permission to have. You have the ability to make changes/updates to your information as needed. You also have the ability to remove your information from LinkedIn should LinkedIn make undesirable changes to their web site and/or the way the do business. I removed my profile from CareerBuilder when they took away my ability to post my resume anonymously.

In turn, LinkedIn needs to behave responsibly in how YOUR information is used… which is exactly what they are doing in filing this lawsuit. Thank you LinkedIn.

builder7

It sounds to me like this guy has been learning the same tricks that big business and the government have been using for years.

Rob Colbert

He is the software industry’s newest equivalent of a rapper who maybe samples a little *too* much when making his records. Oh, the controversy.

gutmach

Johnny Appleseed and Glenn Kristol are right that many other companies are doing this kind of people profile aggregation. You can be sure that LinkedIn will go after all those that develop critical mass, and either buy them, get them to pay licensing fees, or shut them down (they’ve already demonstrated this pattern). The only way this stops is if the Supreme Court decides that this kind of aggregation is permissible (LinkedIn has the resources to keep appealing up to that level if they don’t like the lower court decisions). So the ultimate question is whether this activity violates copyright laws or not. While a growing number of recruiters (especially sourcers) are becoming increasingly dependent on aggregators, successful ones will figure out ways to find and hire their candidates with or without them, just as they did before such tools existed and even pre-Internet, though it’s clear that Internet-enabled tools make building the front end of the talent sourcing funnel much faster. This will continue to shift the challenges of recruiting to later stages in the hiring process, which is where the big biller third-party recruiters will readily tell you is how they make their money. Struggling sourcers may want to consider switching from recruiting to intellectual property law — those attorneys will keep making money! ;-)

Shain McKinnie

I put my profile on LinkedIn so I could be “Found”. What good does it do if my info is isolated or restricted to a single source.

Dave Hubbard

As a social networking user, I’m okay with companies scraping my PUBLIC LinkedIn profile, but I have a problem with them scraping my PRIVATE (for members only) LinkedIn profile. In this interconnected world, we all need to protect our brand and reputation. ZoomInfo scrapes only the public information, yet still encourages the user to update the aggregated profile for accuracy. So regardless what LinkedIn’s history or real motivation is behind their suit, if they win, social networking users win.

Joe Smith

Wow, Dave is one of the few who gets it. There is a diff between sharing your public and more “benign” data vs private data for which NO PERMISSION was given (explicit or implied) to share or “steal.”

Rob Colbert

Don’t accept random invites. Not advocating for what the company/individual is doing. Just saying that we need to carefully manage our contact list. LinkedIn is no different than any other. Your data is there, and you’re trusting people with it. Oops.

afertig

I interviewed Shon Burton for an article I published on USNews & World Report on Feb. 4th. titled “4 Ways to Use Big Data In Your Job Hunt”. http://money.usnews.com/money/blogs/outside-voices-careers/2014/02/04/4-ways-to-use-big-data-in-your-job-hunt

What he does is not only scrape LinkedIn, but virtually every other online social media site. Learn more about how Burton is trying to transform the way that employers find out about real and potential candidates in my article.

Arnie Fertig / USNews & World Report “On Careers” Contributing Blogger
http://www.jobhuntercoach.com

vancouverizer

Is the argument here that an individual should only have one true account on LinkedIn according to the TOS? If so, and companies are “people” (in the US anyway) I believe the only issue is that HiringSolved failed to incorporate a subsidiary (company/person) for each LinkedIn account it created. If it had done that would it be operating within the TOS?

Josef Kadlec

Jason Webster: You nailed it. Rapportive in a similar way as well…

Simply….nothing personal, it’s just a business: )

Glenn Kristol

So, if I pull a list of my contacts in LinkedIn and sell them to a recruiter or salesperson, then I’ve broken the law? According to this complaint, I guess that’s the case. However as Peter stated above, it’s unfortunate for the multi-billion dollar company that this data isn’t protected by copyright.

Also, “crawling” and “hacking” are not synonymous. If it were, then Google, Bing, Yahoo!, and thousands more would be called “hacking engines” and not “search engines.”

So, LinkedIn better be able to pull some magic for the DMCA or CFAA to apply here, and if it does, they better be prepared to go after MANY more organizations than Hiring Solved.

centriclogicblog

Isn’t the lesson here: On LinkedIn, don’t link to someone you don’t personally know? That way, you won’t be linking to a fake profile that only wants your information.

freecode

As a very long time LinkedIn user, truly p*ssed to see my profile unauthorised on some other service which did not gain my permission to use same. It is a violation of my rights to have a third party steal that information and deny me the right to remove myself from their “service”. LinkedIn was authorised, but HiringSolved was certainly NOT authorised to steal my data and sell it to others. Any lawyers wanting to start a Class Action suit against Hiring Solved, I would be glad to be a plaintiff here. This is called “IdentityTheft” when you use my information without my authorisation to sell subscriptions to people to contact and/or SPAM me. Seriously, who on LinkedIn opted in for Mr. Burton’s service? No one.

Johnny Appleseed

Nobody can “steal” publicly available non-copyright protected data. If this outrages you to the point of a lawsuit, get ready to name a TON more defendants e.g. ZoomInfo, Data.com, Jigsaw, Pipl, Spokeo, MyLife, Connect6, Connectifier, Social360, Dice OpenWeb, Full Contact, and many many many more. Including Rapportive that LinkedIn acquired!

Robyn Ann Smith

As a user of Linked-In, Dice, and Monster, I would expect for my profile and personal identifiable information to be handled (shared) among other companies…and I would expect to be informed about it as well as disclosed how that information will be used. It isn’t copyrighted, but it IS protected. It’s one thing if HS has an agreement with LI, Dice, etc to obtain that data,,,it’s another if they are having to use bogus accounts to obtain that knowledge without my consent without even my knowledge or implied consent (no, the TOS doesn’t say “hackers may use your information freely”). Just because you rode the bus doesn’t mean people can take your wallet to stalk you later with…or use your identity.

Glenn Kristol

It is not protected. You are wrong. The terms of service do not apply because they do not supercede the law. And, the use of the term hackers is so misguided, and your analogy about stealing a wallet is fundamentally deceitful. Stealing a wallet and posting work history on a website are NOT analogous. Not in anyway. At all. Ever.

Here are facts:

Legally, NOBODY OWNS FACTS ABOUT PEOPLE such as their names, contact information, AND WORK HISTORY. Facts are in the public domain.

THIS WAS DECIDED BY SCOTUS in 1991 in Feist Publications, Inc. v. Rural Telephone Services, Inc.

http://www.hrexaminer.com/who-owns-data-8-trouble-with-linkedins-lawsuit/

Rob Colbert

Once you gave that information to LinkedIn, it became theirs with the responsibilities associated. It’s just not your data anymore once you hit “Save”. And, in turn, LinkedIn makes that data availabke to anyone with whom you are a “connection”.

So, if you submitted your information to LinkedIn, then you accept a link request from someone you clearly don’t know and then they take your data and build a company with it….oops….that would be your mistake.

Robyn Ann Smith

That’s like arguing since you rode the bus, anyone you talk to on the bus has the right to steal your identity to build their company. It’s one thing if Linked-In shared that data, it’s another if that sharing is with bogus account holders. I say chase the bogus account holders responsible.

Rust Connor

Creating an account to connect to someone is the practice LinkedIn specifies as its intended use. It’s in the TOS. Should any people aggregator or data company like Zoom or Jigsaw hire 1000s in Hyderabad for pennies on the dollar to create profiles or write a code to automate it? LinkedIn made the rules, and they’re crying because they’re losing wallet share. If this had anything to do with the law or privacy concerns, they would have blocked the “identifies” IPs.

Joe Smith

Rust, do you seriously think they didn’t block the IPs first? And really, that’s not a very hard thing to get around as I understand it. Do you really think they should just ignore this?

Regarding sharing data, the difference that some of you seem to not get or be ignoring is people *giving permission* (specifically or implied by agreeing to the “terms and conditions” that basically nobody reads) to “connect to someone” and/or give out their personal info, That is key here, along with the level of data that was taken (public vs private).

Something that people don’t seem to be getting is that if someone “steals” such info without your permission or even knowledge to give out to others, it could quickly become outdated – meaning that now they’re selling inaccurate info which could cost you job opportunities (for example, employers will see you live in Kansas and desire jobs only in Kansas…not knowing you moved to San Diego 10 months ago and are looking for jobs there now).

True, this is hardly the same as getting your SSN illegally/etc, but I’m amazed how many people are dismissing this with a yawn.

MyStolenID

Would have to agree with you here (as a convergent technology & cyber security consultant).

MyStolenID

But also; the info shared in forums as LinkedIn should be (as I like to call) of sterile nature.

yes2wes

That’s… kind of wild. For the start up they did good (800 bucks a pop and they had companies buying it). For everyone else, it was low and despicable.

Jeffrey Whittaker

I think Bill Gates and his followers should have solved this problem by now! It makes no sense to store people’s data if it is not secure and on top of storing unsecure data you are charging people fees for storing the data unsecured! Talk about robbing Peter! The whole Silicon Valley looks like the Bad News Bears if you ask me! Safety should be the primary selling point of a software program!

Robyn Ann Smith

Jeffrey, this isn’t a Microsoft related issue at all. For all we know, Linked-In and HS could be using Oracle for their database infrastructure. It’s not Silicon Valley, either…these are companies that weren’t even around when silicon became usable or as software became developed.

Keep in mind that HS had to created bogus profiles under false pretenses just to see the data…it’s not insecure from a software standpoint…it’s unsecure because there are liars out there…lots and lots of them.

Balraj Chandra

Great! There is a serious need to check out for fake profiles and practice of unethical hacking practices for poaching a competition business.

Rust Connor

Sounds like you need to consult a dictionary for the definition of hacking.

Glenn Kristol

No. I didn’t. Thanks for checking.

If I say someone is an unethical murderer, and they say, “I am not a murderer because I’ve never killed a living thing on purpose or otherwise.” Is an appropriate response to say, “Well, you missed the part about not being ethical?”

You either are or are not a hacker (or murderer). As you state, it’s an adjective not a noun. I can be an ethical hacker or even a melancholy hacker, but then I’m still a hacker. I can also just be ethical or melancholy and not a hacker.

Jason Webster

LinkedIn? The same company that bought Bright, which scraped jobs off careers pages (unbeknownst to the company) then promoted the same openings on job boards under their brand. When a user clicked they were immediately prompted to register for Bright. That was Bright’s candidate acquisition strategy. I know little about HiringSolved, but it smells of hypocrisy by LinkedIn.

philtomm

That’s amazing! Definitely hypocrisy, but what matters is that LinkedIn didn’t get “caught”

jeremy7600

Are you the only person who knows about this? i cant find anything related to this anywhere. Have a cite or a link?

Robyn Ann Smith

I think it’s one thing to scrape jobs off of career sites; it’s another to scrape personally identifiable information from uses and post them on another site without the consent of the victim (Identity theft is a victimized crime).

don

For several years people I know – and who have my email address in their contacts – have been sending me “invitations” to “join” LinkedIn … but they did not know they were sending those invitations.

Is this any different?

Other concerns that have done similar deeds include PCH (win some money), Tagged, ShoppyBag.

us0r

Have you done a quick Google/Court search on cases of LinkedIn harvesting?

This is exactly how they built their business.

Irina Shamaeva

There are quite a few “people aggregators”, which is a new generation of sourcing tools for recruiters. These tools help to make sense of and search within the publicly available data across different social sites. I agree that HS is one of the best tools in this category. I am pretty sure they did nothing wrong. We’ll keep our fingers crossed that this type of help for recruiters will remain available.

Valhalla

Surely I should have the option of either agreeing or disagreeing to my data being present on HS! Baffles me when people (Recruiters) talk like this, please remember there is a person behind the profile and they have feelings gaddamit.

Rudolph, the red-nose Reindeer

Recruiters are a disgusting breed, along with real estate agents and lawyers that look for class law suits. They have little to no respect for the individuals, their superficial/hypocritical interest in their clients getting a house, a job or justice is pure self-interest.

As for the former 2 there is also little education/insider knowledge needed. The general need to earn money and have a roof over your head is fundamental, and if the market is “bullish” there is even more money to be made.

If you are in need of their services and you contact them they’ll push you away as if you were some nuisance, if you are not they’ll come and bother you and refuse to leave you alone. They are like parasites. Wherever there is a potential host for them, you can find them.

Honestly I have respect for lots of professions, particularly the ones that are menial and often performed by immigrants in so many first world countries but I cannot bring myself to respect the above mentioned.

Scott Ariens

Obviously you’ve never had a relationship with a recruiter/consultant who adds value, who works to solve a hiring problem for a company and adds value to the career of an individual …. so much for sweeping generalizations or are you really that unrealistic? What’s disconcerting here is the entire ‘dark side’ of social media – the ‘people behind the curtain’ cannot be trusted 100% because they want to make money in any way they can from the ‘data’ they aggregate. Participate at your own risk but better yet BE SELECTIVE in what you share and who you share it with. Better yet, create your own database and use some of the many tools available to create/control your own private network.. and work it,

Watts Martin

And frankly I hope recruiters don’t start relying on these tools too heavily if they behave the way this one is described. As a candidate rather than a recruiter, I want to have at least *some* level of control over my information — and frankly, as a recruiter you should want that, too. As a job hunter, it’s frustrating enough to deal with the “spam blast” recruiters who send out hundreds of emails for generically-written positions based on nothing more than keyword matches; if you’re a recruiter who actually takes a few minutes to try to find the right candidates, it doesn’t help you much if you have outdated information brought to you by a scraper bot.

Robyn Ann Smith

As the defined “source” (ie, MY profile), shouldn’t I have a say when, where, if my profile is to be used in this fashion? It’s one thing if Linked-In had informed me that HS would be using the data,,,especially if reposting the entire profile! There is a lot of PII in that profile I like to keep limited. Just because it’s “out there” doesn’t make it publically available to be used without my permission.

Glenn Kristol

Are you a lawyer? Or, did you stay at a Holiday Inn Express last night?

No. You have no say whatsoever in how facts are distributed. None. Not ever. See other posts where I quote the SCOTUS decision.

It’s not that it’s “out there” that makes it legal to copy and publish, it’s that they are facts. And, you make BROAD assumptions when you claim that anyone is reposting an “entire profile.”

Comments are closed.