What is Data Scraping?
According to Cloudflare, data scraping (also known as web scraping) refers to a technique in which a computer program extracts data from output generated from another program. It also refers to the process of extracting data from a website whether it’s your own or someone else’s.
When used nefariously, hackers download sensitive information from one website and uploads it on to another – which is what recently happened to Facebook, LinkedIn, and Clubhouse. In a recent press release, LinkedIn claims “This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.” Data breach or not, 500 million LinkedIn accounts are up for sale on the dark web that includes member ID, full names, email addresses and workplace information.
Is Data Scraping Illegal?
Technically data scraping is not illegal, but it does go against many websites’ terms and conditions. In fact, data scraping isn’t always done for immoral reasons. Some companies scrap their own websites to keep up with competitors, lead generation, and ensuring they’re offering their product at a reasonable price.
While it goes against LinkedIn and Facebook’s terms and conditions – Clubhouse noted that data scraping is legal within their app. Recently, the new social media app that lets users communicate in chat rooms through auditory communication - had 1.3 million user records scrapped from their SQL database. Among the information scraped were users’ names, photos, user IDs, and social media handles. “Clubhouse has not been breached or hacked. The data referred to is all public profile information from our app, which anyone can access via the app or our API,” Clubhouse tweeted in response to Techmeme’s tweet that the app was hacked.
Why Should You Care?
Chances are if you have an account on Facebook, LinkedIn, or Clubhouse – your information is currently being sold to the highest bidder. Should you be concerned? Absolutely. The more someone knows about your digital footprint - the easier it is for them to pose as you. Entrepreneur and cybersecurity researcher Rajshekhar Rajaharia explains to The Hindu, “Hackers are essentially combining these details and creating a complete data set which is then being sold online.” Scammers can also use your information to conduct phishing attacks and email scams.
What Should You Do if Your Data was ‘Scraped’?
If you were one of the 533 million Facebook users (yes you read that right) whose information was leaked – or you have an account with LinkedIn or Clubhouse – there’s steps you can do to minimize the damage and prevent something similar from happening in the future.
- Act like your data was breached and change your passwords immediately. Use a mixture of letters, numbers, and symbols and be sure to change your password every few months. It’s also a good idea not to use the same password for multiple accounts.
- Make sure you pick hard security questions that can’t be found on any public profile.
- Check sites like “Have I Been Pwned”
- If you think sensitive information was stolen like your social security number or credit card information – call one of the three national credit reporting agencies (TransUnion, Experian, and Equifax) and ask the to freeze your accounts. This means that no one can apply for any credit cards, loans or grants in your name for 90 days. This will give you time to assess the damage.
It’s important that you stay vigilant when giving out sensitive information on the internet. Always read the terms and conditions and make sure that you’re giving your information to a reputable company. That doesn’t mean that they cannot be the victims of data breaches – but chances are they have invested in software to prevent these types of attacks from happening and are serious about protecting your data.