How hackers are scraping personal data off social media
August 18, 2021
Internet behaviour and permissions have changed so much that hackers don’t even need to do anything illegal anymore. People share their name, location, age, employment status, job role, relationship status and profile picture willingly and publicly. Sometimes this is all a hacker needs to profit.
Hacker Tom Liner and the great LinkedIn Data Scrape
A hacker who calls himself ‘Tom Liner’ has been making a habit of hacking the public-facing side of social media platforms. Earlier this year, Liner hacked into LinkedIn and compiled a database of 700 million users. No private information was hacked or taken off LinkedIn. All Liner pulled off the site were things users were sharing willingly (name, location, age, job and relationship status).
He then created data packages containing 700 million users’ data and sold them for $5000 (£3600) each. Liner released a sample of a million records as proof of the hack. He then reported that multiple ‘customers’ had bought his data packages from him.
Liner didn’t break into any servers or websites. He used an automatic programme he wrote to scrape LinkedIn of as much public-facing information as it could find. If this process were to be done manually it would take thousands and thousands of hours. Liner did it in a matter of days.
In response, LinkedIn stated that they did not consider this a ‘data breach’ and that ‘no private LinkedIn member data was exposed’. However, they warned that ‘scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.’
Unfortunately, there’s not much more LinkedIn can do about data scraping. It is an issue that is rife and ripping through the social media industry. Hackers are making an absurd amount of money selling your data and it’s not just LinkedIn that are suffering.
Other Prominent Data Scrapes
- Shortly after Liner hacked LinkedIn, another hacker scraped 500 million profiles on the platform and sold his own packages on forums in April 2021.
- During the same month, another hacker stole 1.3 million profiles from the application Clubhouse.
- Shortly thereafter, another hacker – who, incidentally, also calls himself ‘Tom Liner’ – claimed to have scraped and sold the details of 533 million Facebook users.
Facebook’s response to this monumental load of scraping is perhaps more telling than most. Their press team stated ‘data scraping is a broad industry issue’, pointing to the fact that ‘this activity happens regularly’. Facebook can’t do much about these hackers as they aren’t stealing any private data, only public data that we are sharing willingly.
It is abundantly clear that social media platforms don’t care about the hackers that are scraping or, at the very least, have no means to respond. After all, all they’re taking is information you have no problem putting out in the world. But, surely something is being done to combat scraping?
How to combat scraping?
- New GDPR (General Data Protection Regulation) rules have been introduced to make it harder for companies to collect and keep data. Previously, companies could collect data based on an IP address and sell it to other companies who use it for targeted adverts amongst other things. New GDPR rules mean consent is always required before any data can be collected.
- Instagram and Apple’s App Store have reduced the amount of data third-party developers can pull from user profiles using their app. It became common to see calculator apps asking for permission to access your contacts. This was obviously to get your data and sell it off but now this has been streamlined and stopped.
- The best way to combat scraping is to be smart with our own social profiles. If you’re worried about being scraped, set your social profiles to private. Delete and block users you don’t know, as many can be scraper bots that attach to a profile to collect data. So, monitor and screen all your connection requests rather than blindly accepting them.
There was a time when data scraping was used beneficially (as a marketing tool to analyse pages for analytics and demographics) but now it is being used to pull massive amounts of data. Social media platforms aren’t being terribly proactive in stopping it so the first step must come from users. From us. Remember: whatever information you put on your public profile is open for anyone to see and collect.