According to court documents, ten unidentified hackers set up faked LinkedIn accounts and ran automated bots on virtual computers rented from Amazon to harvest details from members’ profiles.
“This practice, known as 'scraping,' is explicitly barred by LinkedIn's User Agreement,” which also prohibits access to LinkedIn through any “technology or software” without the “express written consent of LinkedIn or its Members,” the complaint said.
Lawyers for LinkedIn, which claims that dealing with the hackers cost them $5,000, filed a complaint with the Northern District of California Court after the fake accounts were discovered, the Telegraph reports.
More on LinkedIn Security
- LinkedIn social networking site hit by DNS hijacking
- LinkedIn confirms "some" passwords stolen
- LinkedIn data breach costs more than $1m
- Security Zone: LinkedIn or left out?
- Businesses told to take LinkedIn hack seriously
- LinkedIn password leak: Lessons to be learned from LinkedIn breach
- Should you be worried by stolen LinkedIn passwords?
With more than 259 million professional members, LinkedIn holds a wealth of personal data that can be used by cyber criminals to carry out phishing attacks, identity theft, and similar scams.
By setting up a large number of fake accounts, the hackers were able to circumvent controls that limit the activity any single account can perform, enabling the bots to access thousands of profiles a day.
They also bypassed restrictions that LinkedIn intended to impose through a robots.txt file, which indicate content may be indexed by automated web-crawling programs used by Google and other sites.
LinkedIn has disabled the fake accounts and implemented more technological safeguards to prevent further scraping.
Investigators found that the hackers accessed LinkedIn using a highly scalable cloud computing platform offered by Amazon Web Services called Amazon EC2.
This enabled the hackers to rent potentially hundreds of thousands of virtual computers to run their automated data-scraping software.
The goal of LinkedIn's lawsuit is to give lawyers the legal means to carry out "expedited discovery” to learn the identity of the hackers.
Security experts said the success of this will depend on whether the hackers who subscribed to the Amazon service used payment methods or IP addresses that can be traced.