LinkedIn sues to stop bots that are stealing its user profiles

Professional network LinkedIn(s lnkd) is fighting off shady competitors that are using bots to vacuum up hundreds of thousands of its user profiles in order to compete with LinkedIn’s own recruiter products, according to a new lawsuit.

In a complaint filed this week in San Francisco, LinkedIn asked a court to grant orders that will allow it to stop a group of “John Does” from scraping its servers, and to make the unknown defendants pay for allegedly breaching federal and state hacking statutes as well as a variety of other laws.

LinkedIn explained that since May of 2013, unknown people have been deploying a wave of bots that create thousands of fake profiles in order to interact with real LinkedIn users and siphon their user profiles. As the complaint (embedded below) states:

Registering so many unique new accounts allowed the Doe Defendants to view hundreds of thousands of member profiles per day … [and] have engaged in their scraping activities in an attempt to establish competing recruiting websites and usurp LinkedIn’s recruiter product.

In response to the wave of bots, LinkedIn said in the complaint that it has had to expend considerable energy shutting down the fake profiles. It also said the bots have cost it computing resources and threaten the company’s integrity.

In order to identify the creator of the bots, LinkedIn said it will issue discovery orders to Amazon Web Services(s amzn), which the defendants are using to create and store information related to the fake profiles.

It’s unclear which companies or sites have been using LinkedIn’s user profiles, or if the data scraping presents any risk to the company’s users.

Update: LinkedIn sent the following statement by email: “We’re a members-first organization and we feel we have a responsibility to protect the control that our members have over the information they put on LinkedIn.”

A Google search for “LinkedIn and bots” turns up a number of web sites such as Black Hat World where users compare techniques for creating fake LinkedIn users and avoiding detection.

It’s not immediately clear if LinkedIn has a clear-cut legal case since it is not necessarily illegal to copy information from a website. In its complaint, the company is relying on its own terms of services that forbid scraping as well as the Computer Fraud and Abuse Act and the the Digital Millenium Copyright Act.

In the meantime, LinkedIn users may wish to be wary about which invitations to connect they accept.

Here’s a copy of the complaint, which was tweeted by lawyer Mark H. Jaffe (I’ve underlined some of the relevant parts)

This story was updated at 6pmET to include LinkedIn’s statement.

LinkedIn v John Does (Bots Case) by jeff_roberts881

[protected-iframe id=”9d320ecb3a2b1abfcb7f40b02aef137c-14960843-34118173″ info=”//” width=”100%” height=”600″ frameborder=”0″ scrolling=”no”]