LinkedIn sues ProAPIs for using 1M fake accounts to scrape user data
LinkedIn has filed a lawsuit against Delaware company ProAPIs Inc. and its founder and CTO, Rehmat Alam, for allegedly scraping legitimate data through more than a million fake accounts.
ProAPIs activity constitutes a violation of LinkedIn’s terms of service (ToS), based on which the company seeks to get the court’s approval for a permanent injunction, deletion of the scraped data, and payment of damages.
LinkedIn is a Microsoft-owned professional-oriented social network with more than a billion members worldwide.
Scraping refers to the automated extraction of profile data using bots or fake accounts. Some data leaks compile information sourced from scraped details, which initially raised concerns about a potential security breach.
However, official investigations later confirmed that the information originated from scraping activities rather than a direct compromise.
Fighting scrapers
In 2022, LinkedIn introduced three new mechanisms to fight fake profiles on the platform.
According to Sarah Wight, VP, Legal at LinkedIn, ProAPI continually created more than a million fake accounts to perform scraping, which LinkedIn promptly detected and restricted.
Taking matters further, LinkedIn will now hold ProAPI, Alam, and a Pakistan-based technical enabler entity named Netswift, accountable for their actions.
“We continue to invest in advanced technology and dedicated teams to stop unauthorized data scraping, and when necessary, we take aggressive legal action to prevent misuse of member information,” reads Wight’s statement.
“We have filed numerous lawsuits against scrapers over the years – every one of them resulting in a judgment prohibiting scraping, including our most recent win against ProxyCurl.”
The lawsuit, filed in California, alleges that ProAPI openly violated LinkedIn’s ToS by selling access to a tool named iScraper API, which is marketed as a real-time LinkedIn data fetcher.
According to court documents, the firm charged up to $15,000/month for 150 requests/second, indicative of the industrial-scale scraping it performed on the platform.
Alam is further accused of using invalid credit cards to sign up for Premium LinkedIn accounts, and never actually paying for the services he acquired through them.
Through the lawsuit, LinkedIn seeks a permanent injunction that will stop ProAPIs from scraping public data on LinkedIn, deletion of all scraped data, and payment of actual and exemplary damages, as well as attorney fees.
BleepingComputer has contacted ProAPIs for a comment on LinkedIn’s action, but we are still waiting for their response.
Meanwhile, the firm’s status page indicates that the iScraper API is still operational, albeit with some short outages recorded in the past 24 hours.
Join the Breach and Attack Simulation Summit and experience the future of security validation. Hear from top experts and see how AI-powered BAS is transforming breach and attack simulation.
Don’t miss the event that will shape the future of your security strategy
Source link