News LinkedIn Sues Unknown Hackers for Scraping Data

  1. LinkedIn, one of the world's largest professional networking sites, filed suit against unknown hackers who registered thousands of phony accounts in order to harvest valuable member data. The complaint, filed in federal court in the Northern District of California, was the first step the company needed to take so that it could subpoena Amazon.com, who was not named as a defendant. LinkedIn is in the process of gathering evidence about the John Does, who used an automated system run on the cloud computer platform provided by Amazon Web Services.

    LinkedIn profile data is not generally visible to accessible by visitors who are not logged into the website with an active account. In its complaint, LinkedIn described how hackers circumvented the company's security protocols and measures so that thousands of fake membership accounts could be created. Automated computer programs (knows as "robots" and "spiders") were allegedly run on the Amazon Elastic Compute Cloud system (also know as "Amazon EC2") which logged into LinkedIn using the fake accounts so as to "scrape" data off of member pages. The company assumes that one purpose for the data harvesting is to create a competitive database of eligible candidates for employment that could be made available and sold to recruiters and headhunters.

    A "John Doe complaint" is filed against fictitious defendants when their identities are unknown at the time of the lawsuit. By filing a legal complaint in a court of law, a plaintiff is able to serve information subpoena's to third parties in order to ascertain the identities of the alleged perpetrators. Once these parties are identified, they may be made defendants in the lawsuit and served with legal notice.

    In addition to violating LinkedIn legal policies, which explicitly prohibit the unauthorized spidering, scraping, crawling of the website, the complaint sets forth three claims for relief based upon:
    • violations of the Computer Fraud and Abuse Act, 18 U.S.C. §1030;
    • violations of the California Computer Access and Fraud Act, Cal. Penal Code §502;
    • violations of the Digital Millennium Copyright Act (DMCA), 17 U.S.C. §1201;
    • breach of contract;
    • trespass; and
    • misappropriation.
    The law firm of Munger, Tolles & Olson LLP and attorneys for LinkedIn, is also representing the company as a defendant in a recent lawsuit claiming that LinkedIn hacked member email accounts in order to send mass spam invitations to third parties.
    Legal Practice:
    Computers - Internet
    Jurisdiction:
    • California
    • US Federal

    Article Tags

    Michael M. Wechsler

    Michael M. Wechsler
    Michael M. Wechsler is an experienced attorney, founder of TheLaw.com, A. Research Scholar at Columbia Business School and of-counsel to Kaplan, Williams & Graffeo, LLC. He was also an SVP and chief Internet strategist at Zedge.net and legal consultant at Kroll Ontrack, a leading service e-discovery and computer forensics service provider.

Comments

To make a comment simply sign up and become a member!