LinkedIn, one of the world's largest professional networking sites, filed suit against unknown hackers who registered thousands of phony accounts in order to harvest valuable member data. The complaint, filed in federal court in the Northern District of California, was the first step the company needed to take so that it could subpoena Amazon.com, who was not named as a defendant. LinkedIn is in the process of gathering evidence about the John Does, who used an automated system run on the cloud computer platform provided by Amazon Web Services.
LinkedIn profile data is not generally visible to accessible by visitors who are not logged into the website with an active account. In its complaint, LinkedIn described how hackers circumvented the company's security protocols and measures so that thousands of fake membership accounts could be created. Automated computer programs (knows as "robots" and "spiders") were allegedly run on the Amazon Elastic Compute Cloud system (also know as "Amazon EC2") which logged into LinkedIn using the fake accounts so as to "scrape" data off of member pages. The company assumes that one purpose for the data harvesting is to create a competitive database of eligible candidates for employment that could be made available and sold to recruiters and headhunters.
A "John Doe complaint" is filed against fictitious defendants when their identities are unknown at the time of the lawsuit. By filing a legal complaint in a court of law, a plaintiff is able to serve information subpoena's to third parties in order to ascertain the identities of the alleged perpetrators. Once these parties are identified, they may be made defendants in the lawsuit and served with legal notice.
In addition to violating LinkedIn legal policies, which explicitly prohibit the unauthorized spidering, scraping, crawling of the website, the complaint sets forth three claims for relief based upon:
The law firm of Munger, Tolles & Olson LLP and attorneys for LinkedIn, is also representing the company as a defendant in a recent lawsuit claiming that LinkedIn hacked member email accounts in order to send mass spam invitations to third parties.
- violations of the Computer Fraud and Abuse Act, 18 U.S.C. §1030;
- violations of the California Computer Access and Fraud Act, Cal. Penal Code §502;
- violations of the Digital Millennium Copyright Act (DMCA), 17 U.S.C. §1201;
- breach of contract;
- trespass; and
- Legal Practice:
- Computers - Internet
- US Federal