LinkedIn Suffers Huge Bot Attack That Steals Members’ Personal Data
from the paperwork dept.
Data thieves used a massive “botnet” against professional networking site LinkedIn and stole member’s personal information, a new lawsuit reveals. “LinkedIn members populate their profiles with a wide range of information concerning their professional lives, including summaries (narratives about themselves), job histories, skills, interests, educational background, professional awards, photographs and other information,” said the company’s complaint, filed in Northern California U.S. District Court (PDF). “During periods of time since December 2015, and to this day, unknown persons and/or entities employing various automated software programs (often referred to as ‘bots’) have extracted and copied data from many LinkedIn pages.” It is unclear to what extent LinkedIn has been able to stymie the attack. A statement from the firm’s legal team suggests one avenue of penetration has been permanently closed, but does not address other means of incursion listed in the lawsuit. “Their actions have violated the trust that LinkedIn members place in the company to protect their information,” the complaint said. “LinkedIn will suffer ongoing and irreparable harm to its consumer goodwill and trust, which LinkedIn has worked hard for years to earn and maintain, if the conduct continues.” LinkedIn says it has more than 128 million U.S. members and more than 400 million worldwide. According to the complaint, the hackers got around six LinkedIn cybersecurity systems, and also manipulated a cloud-services company that was on the company’s “whitelist” of “popular and reputable service providers, search engines and other platforms” which interact with LinkedIn under less severe security measures than other third parties. The manipulation allowed the hackers to send requests to LinkedIn servers.
“This was not an attack or data breach where confidential data was stolen,” LinkedIn’s legal team said in a statement. “This suit is about unknown entities using automated systems to scrape and copy data that members have made available on LinkedIn, violating the law and our Terms of Service.”