LinkedIn files lawsuit to identify hackers

LinkedIn has filed a lawsuit aimed at identifying hackers who by-passed security measures to copy member data

LinkedIn has filed a lawsuit aimed at identifying hackers who used Amazon's cloud computing service to bypass security measures and copy data from hundreds of thousands of member profiles.

According to court documents, ten unidentified hackers set up faked LinkedIn accounts and ran automated bots on virtual computers rented from Amazon to harvest details from members’ profiles.

“This practice, known as 'scraping,' is explicitly barred by LinkedIn's User Agreement,” which also prohibits access to LinkedIn through any “technology or software” without the “express written consent of LinkedIn or its Members,” the complaint said.

Lawyers for LinkedIn, which claims that dealing with the hackers cost them $5,000, filed a complaint with the Northern District of California Court after the fake accounts were discovered, the Telegraph reports.

With more than 259 million professional members, LinkedIn holds a wealth of personal data that can be used by cyber criminals to carry out phishing attacks, identity theft, and similar scams.

By setting up a large number of fake accounts, the hackers were able to circumvent controls that limit the activity any single account can perform, enabling the bots to access thousands of profiles a day.

The hackers bypassed a security measure that is supposed to require users to complete bot-defeating CAPTCHA dialogues when potentially abusive activities are detected, reports Ars Technica.

They also bypassed restrictions that LinkedIn intended to impose through a robots.txt file, which indicate content may be indexed by automated web-crawling programs used by Google and other sites.

LinkedIn has disabled the fake accounts and implemented more technological safeguards to prevent further scraping.

Investigators found that the hackers accessed LinkedIn using a highly scalable cloud computing platform offered by Amazon Web Services called Amazon EC2.

This enabled the hackers to rent potentially hundreds of thousands of virtual computers to run their automated data-scraping software.

The goal of LinkedIn's lawsuit is to give lawyers the legal means to carry out "expedited discovery” to learn the identity of the hackers.

Security experts said the success of this will depend on whether the hackers who subscribed to the Amazon service used payment methods or IP addresses that can be traced.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on Privacy and data protection



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:




  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...