LinkedIn issues lawsuit to stop bots stealing its data


Summary: Thousands of fake LinkedIn accounts have copied data from authentic user accounts using virtual machines (VMs) hosted by Amazon Web Services. LinkedIn intends to find and bring the owners of these VMs to justice.


LinkedIn has over 259 million users worldwide and 84 million members in the US. It is concerned that not all of its users are real, and has filed a complaint with the court in the district of Northern California, claiming that the site has been "polluted" with fake user profiles.


The complaint centres around LinkedIn's claim that since May 2013, "thousands of unknown persons and/or entities employing various automated software programs (often referred to as 'bots') have registered thousands of faked LinkedIn member accounts, and have extracted and copied data from many member profile pages".

Data scraping is against the user agreement of LinkedIn and many other social networking platforms.

The user agreement, like Facebook's, states that users shall have only one LinkedIn account at any given time, and will use their real name on the account.

LinkedIn is suing under the Computer Fraud and Abuse Act (CFAA), the Digital Millennium Copyright Act (DMCA) and the California Penal Code as it believes that these bots are undermining its integrity as a platform.

LinkedIn has invested "significantly" in its Recruiter product, and it believes that it has needed to expend significant time and resources to "investigate and respond to this misconduct".

The LinkedIn Recruiter product is a paid-for service that enables head hunters and corporate recruiters to discover candidates. This service is paid for by over 16,000 companies.

In July 2013, I wrote about how LinkedIn clones show our desire to connect. I had been contacted by one of these cloned accounts. I accepted the connection out of curiosity.

I wanted to see why a commander in the Canadian Army would want to connect with me. Perhaps the Canadian Army wanted to hire me as a consultant. Straight away, I noticed that there were irregularities with the cloned account.

I contacted the real commander, and got in touch with LinkedIn to try to get the cloned account shut down. It took two weeks of repeated requests to LinkedIn before it shut down the cloned account.

LinkedIn has controls in place to prevent automated data scraping from occurring. Its FUZE and Sentinel programs monitor suspicious activities and limit the activity that individual users can initiate on the site.

Worryingly, LinkedIn admitted that during May and June 2013, its robots.txt file was circumvented. Its "UCV" system, which uses CAPTCHA to check whether a user is genuine, was also bypassed.

FUSE, which limits volume of activity for accounts, was circumvented, and Sentinel, which watches for successive requests made by IP addresses, was also circumvented.

LinkedIn was accessed by bots that ran on virtual machines hosted on Amazon Web Services. LinkedIn can subpoena Amazon to discover who is behind the attacks.

If LinkedIn does not pursue the creators of these bots, the potential damage to its credibility could be huge.

Users who are paying for premium services will turn to sites that deliver more accurate search results. LinkedIn users who use the site to find new jobs will go elsewhere to further their career.

LinkedIn must pursue these unknown "doe defendants" — and discover who they are. Whether these does are owned by rival networking sites or malicious pranksters is irrelevant.

LinkedIn's continued ability to generate revenue depends on its good reputation for accuracy in its user base.

At the mercy of automated bots, it will have value for nobody.



  • speaking of bots...

    speaking of bots, see above comment.
    speaking of scraping linked-in, where do you suppose ZDnet got the photos for this article?
  • FUSE vs FUZE Who cares about LinkedIn?

    "Its FUZE and Sentinel programs monitor suspicious activities and limits the activity that individual users can initiate on the site."
    "FUSE, which limits volume of activity for accounts was circumvented and Sentinel which watches for successive requests made by IP addresses was also circumvented." Is it FUZE or FUSE?

    I am not on any social network, so I don't have to worry from that standpoint. They don't offer me any value as far as I can tell.
  • And I Thought It was LinkedIn...

    I recently closed my LinkedIn account after my email was bombarded with requests from total strangers. I actually blamed LinkedIn for this. It appears that I may have misplaced the blame.
    • No, LinkedIn is to blame as it's their automated software

      that keeps sending you the reminders about accepting the requests. The real bad aspect of it is the email they send you has a link in it to allow you to deny the request, but that takes you to a web page that doesn't work due to the third party scripts and code on it being killed off by my security software. Nor do they allow you to register an email as a permanent 'do not contact me.' I've ended up setting my email system to junk all mail from LinkedIn as the only way to get peace from their constant request to join emails.
      Deadly Ernest
  • LinkedIn will get it right

    As a long-time LinkedIn user, I have faith that the issues with fake accounts will be addressed by LinkedIn as they no doubt understand what is at stake. Let's hope that the court issues a subpoena for Amazon to disclose who is behind the attacks, for the sake of LinkedIn users, employees and shareholders.