LinkedIn is suing hackers for using Amazon EC2 to create fake member profiles
LinkedIn is suing hackers for using Amazon's cloud to make fake member profiles and steal data from real profiles.Wikimedia Commons

LinkedIn has filed a lawsuit against hackers who have been using Amazon's cloud platform to run automated software, creating fake accounts with data stolen from real profile pages.

According to the complaint, filed in the US District Court in Northern California, the unnamed hackers used Amazon's Elastic Compute Cloud (Amazon EC2) to "rent virtual computers", which were used in May and June 2013 to run automated bots that bypassed LinkedIn's security measures to create thousands of fake member profiles.

Amazon has not been named as a defendant, however, but subpoenas will be served in relation to EC2 to identify who the hackers are.

"This practice, known as 'scraping,' is explicitly barred by LinkedIn's User Agreement, which prohibits access to LinkedIn 'through scraping, spidering, crawling, or other technology or software used to access data without the express written consent of LinkedIn or its Members'," states LinkedIn's lawyer Jonathan Blavin in the complaint.

Hundreds of thousands of accounts scalped

Since LinkedIn limits the volume of activity an individual account may have, by registering numerous accounts, the hackers have been able to view hundreds of thousands of member profiles per day, thus undermining the privacy of users on the site, as well as LinkedIn's paid Recruiter service, which is LinkedIn's fastest growing product.

The documents state that the networking site's engineers discovered that the hackers were able to circumvent restrictions imposed by LinkedIn in a robots.txt file and were also able to avoid the Captcha user identification test that is supposed to stop automated bots from gaining access to the site.

This is not the first time that the Amazon EC2 has been taken advantage of. The hackers behind the Sony PlayStation Network attack in 2011 used the Amazon cloud service to siphon off personal details of over 80 million users.

Sony was fined £250,000 by the UK data protection network for failing to adequately protect the personal data being stored on its servers.

Twitter and Facebook have also been fighting a war against fake accounts, with Twitter estimating that fake accounts make up under 5% of monthly active users, while Facebook believes that there are 83 million fake or duplicate accounts on its network.

In December 2013, Facebook began deleting fake accounts responsible for bogus "Likes" on Fan Pages, in an attempt to remove spam.