Why Your Data is Not Really Ever Safe

Scrapers gonna scrape

Key Takeaways

  • Last week, LinkedIn responded to new allegations of a data breach by explaining that user data recently discovered for sale online had been obtained through data scraping.
  • Scraping is when companies use automated programs to “scrape” the web for public information, unlike a breach where private data is accessed.
  • Scraping is generally legal, but experts say there are still privacy concerns.
Closeup of a smartphone showing the LinkedIn app (German version) with a LinkedIn logo on a screen behind it.

DeFodi Images / Getty Images

After news spread quickly last week that the data of 700 million LinkedIn users had reportedly been found for sale on the web, consumers soon learned the alleged data breach was actually the result of scraping—something experts say is different from a breach and can’t be easily avoided.

With a contentious history dating back to the aughts, data scraping (or web scraping) is essentially the automated collection of public-facing data from websites on the internet. Although not always a bad thing depending on its use, scraping can carry privacy risks when it involves personal information.

"Everyone needs to realize that the minute you turn your phone on, your data is going everywhere," Raffaele Mautone, CEO and founder of AaDya Security, a cybersecurity firm that works with small to midsize businesses, told Lifewire in a phone interview. "I always say that to people, and they're in shock that they somehow can’t protect their data."

Signing Your Data Away

According to Mautone, users often agree to give up rights to their data when they sign up for new accounts online—leaving data open to automated scraping programs that will collect it, sometimes for companies that will then sell it or use it for marketing.

"You know that little button we all click 'accept' and probably don’t read the 400 pages that are behind it? ...It fundamentally says that [the company] can use your data however they want," Mautone said. "So I think as consumers, or even businesses, we need to really understand that's the baseline, and there's really not a way to get around it."

Someone using a tablet to read "Terms and Conditions" with a paper document and keyboard in the background.

juststock / Getty Images

Because of that, much of the information users post online becomes available for sale, often to data brokers or marketers looking to advertise products. That even goes for public-facing information on social media profiles, like the data that was recently scraped from LinkedIn.

"There are so many companies out there that scrape data, pull data, go to different sources for data—and ultimately will find your name, your address, your phone number, your email address," Mautone said.

How Data Breaches Are Different

While web scraping is the process of collecting public-facing data online, such as information from public profiles, Mautone said data breaches involve hackers accessing sensitive user information stored by the company, but not publicly accessible. That includes information like credit card numbers, social security numbers, and passwords.

"A data breach means that they actually got your [private] information," Mautone says. "As an example, three weeks ago we saw that millions of logins and passwords were dumped on the dark web. That means they were able to either breach the company or that they were able to get into the network or database and pull all that information."

Mautone says breaches usually occur as a result of phishing, where hackers trick individuals or even employees at companies with malicious links in fraudulent messages that appear to come from someone the target knows, like a family member or friend.

"Everyone needs to realize that the minute you turn your phone on, your data is going everywhere."

Improving Your Security

Although there’s no perfect or absolute way to protect data online, Mautone said there are steps consumers can take to protect themselves against breaches and scraping.

Mautone recommended being more cautious about the information they provide to companies—even down to email addresses.

"You see a lot of professionals not using their corporate email addresses or contact information that's tied to their business [on their social accounts]," Mautone said, explaining that using an alternate email account on social media can help shield users from being targeted if their email address is scraped or obtained by hackers.

Mautone also advised that users turn on multi-factor authentication, activate banking alerts, and make sure to lock down their social security numbers with the credit bureaus to prevent identity theft in the event of a data breach.

Users also should become familiar with the privacy settings on the social networking apps they use, according to Mautone, and think carefully about the information they choose to make public online.

"As a user of any application, what data do you want to be seen? Because ultimately, it will," Mautone said.

Was this page helpful?