LinkedIn Sues Hackers Over Thousands of Fake Accounts

Business and professional social network LinkedIn this week filed suit against scammers who created thousands of fake profiles in order to scrape data about existing LinkedIn members, in violation of the social network’s policies.

These people bypassed LinkedIn’s security protocols in order to troll the site for data.

LinkedIn, which doesn’t yet know their exact identities, says that the individuals used Amazon Web Services. It plans to ask Amazon to turn over any data it has on those tied to the accounts identified by LinkedIn.

“We’re a members-first organization and we feel we have a responsibility to protect the control that our members have over the information they put on LinkedIn,” LinkedIn said in a statement.

The scammers circumvented LinkedIn security measures like FUSE (which limits account activity), Sentinel (which limits successive requests from the same IP address), UCV (Captchas), and the robots.txt protocol (crawling). They used an automated process to create thousands of fake LinkedIn profiles, which in turn allowed them to view hundreds of thousands of legitimate member profiles per day and scrape those profiles for data.

LinkedIn’s terms of use specifically ban “scraping, spidering, crawling, or other technology or software used to access data without the express written consent of LinkedIn or its members.” Technically, the site also only allows each member to have one profile and requires that the data be accurate, but that’s harder to police.

The scam was discovered by LinkedIn when it noticed that thousands of fake member accounts had collectively viewed many member profiles in a short period of time. The fake accounts, meanwhile, demonstrated “clear patterns of automation.”

LinkedIn has since disabled those accounts and said it has bolstered its security, but it wants to go after the scammers because fake profiles reduce the accuracy and integrity of the information on LinkedIn. The effort, meanwhile, put “significant strain” on LinkedIn’s servers.

The scheme violates the Computer Fraud and Abuse Act, the California Comprehensive Computer Access and Fraud Act, and the DMCA. LinkedIn has requested a jury trial.

Source: PCmag