Microsoft-owned LinkedIn has taken legal action against companies it says operate millions of fake accounts on the professional networking site for the purpose of large-scale data scraping.
The court papers names ProAPIs, a company registered in the US state of Delaware and based in Middletown, as the primary defendant.
Also named are Netswift (SMC-Private) Ltd, a Pakistani company and Rehmat Alam, who is the cofounder and chief technology officer of both entities.
It is seeking a jury trial against ProAPIs and its affiliated companies, alleging they run a “vast network of continuously-created fake accounts” that scrape LinkedIn member profiles, company data, and user posts before the platform’s security systems can shut them down.
“[This] industrial-scale fake account mill scrapes member information that real people have posted on LinkedIn, including data that is only available behind LinkedIn’s password wall and that Defendants’ customers may not otherwise be allowed to access, and certainly are not allowed to copy and keep in perpetuity,” LinkedIn’s lawyers alleged in the complaint.
It is alleged by LinkedIn that ProAPIs created thousands of email addresses to register fake LinkedIn accounts under false names with stock images as profile photos.
Such fraudulent accounts typically survive only a few hours before LinkedIn’s technical defences detect and restrict them.
However, during that brief window of existence, each fake account can scrape hundreds of profiles or more, the complaint alleges.
Despite LinkedIn restricting a high percentage of these accounts, ProAPIs persisted in registering hundreds or thousands of new accounts daily, it is alleged.
The operation allegedly targeted data behind LinkedIn’s login wall, accessing information that users have chosen to share only with authenticated LinkedIn members.
ProAPIs openly advertises its “iScraper API” [application programming interface] as a tool to “scrape LinkedIn data efficiently in real-time and at scale”, with pricing reaching US$15,000 per month for five million API calls at 150 requests per second.
The scraping activity places what LinkedIn described as an “unreasonable load” on its servers, consuming capacity in amounts “abnormal and disproportionate” to real human users.
Scrapers like ProAPIs are responsible for the majority of traffic to certain LinkedIn servers that serve member profiles, the complaint said.
That consumption of resources has forced LinkedIn to over-invest in server capacity to prevent larger system failures; the company claimed it has expended hundreds of hours of employee time investigating and responding to the defendants’ activities.
LinkedIn alleged that once scraped, member data could end up in databases used for spam, be sold to scammers, or combined with other information to create extensive private databases without members’ knowledge or consent.
LinkedIn is seeking a permanent injunction preventing the defendants from accessing its website, extracting data, or using its trademarks.
It also demands that ProAPIs destroys all scraped data, notify customers who purchased the information, and pay damages including potential enhanced and punitive damages.
The complaint was filed in the Northern District of California on October 2 this year, United States time [pdf].
LinkedIn’s user agreement explicitly prohibits scraping, fake accounts, and unauthorised data extraction, terms that all defendants accepted when creating accounts and company pages on the platform.
In recent years, the professional networking site fought a lengthy legal battle with HiQ Labs, a data analytics firm that used bots for scraping, and eventually prevailed and won a settlement for the latter company’s breach of LinkedIn’s terms and conditions.
