47 Comments

Summary:

Are you finding your in-box flooded with LinkedIn requests? That may be because some people are sending out the invitations against their will, according to a lawsuit that accuses the site of hacking users’ email programs.

linkedin_2-300x206

In a damning class action complaint, LinkedIn users are accusing the company of “tunneling” into their email accounts in order to repeatedly spam anyone who has ever had had contact with them.

The complaint, filed this week in Los Angeles, accuses LinkedIn of violating laws related to hacking, wire-tapping and false endorsements. Users say the social network’s marketing practices have given rise to fear and embarrassment as a result of emails sent to business associates, ex-spouses and, in one instance, a mentally ill former contact.

The claims draw attention both to email privacy rights, and to the tactics underlying LinkedIn’s aggressive growth strategy.

Update: LinkedIn has responded with a blog post that states, “Claims that we “hack” or “break into” members’ accounts are false.”

“Breaking into” email accounts

According to the complaint, LinkedIn prompts users to enter an email address, and then uses the information to download every account from a user’s account such as Gmail or Yahoo. LinkedIn is allegedly able to do this so long as the user are logged into the email provider; if they are not, LinkedIn suggests they log-in:

users sign up for LinkedIn they are required to provide an external email address as their username and to setup a new password for their Linkedln account. LinkedIn uses this information to hack into the user’s external email account and extract email addresses. If a LinkedIn user leaves an external email account open, LinkedIn pretends to be that user and downloads the email addresses contained anywhere in that account to Linkedln’s servers. Linkedln is able to download these addresses without requesting the password for the external email accounts or obtaining users’ consent.

LinkedIn does not require the password to the email account, but is nonetheless able to download not just an “address book” but any address ever sent or received. The complaint says the tactic was a deliberate strategy by LinkedIn to add users and make money, and cites a former engineer who boasts of “hacking.” Here are screenshots (the engineer’s profile is still up here)

LinkedIN screenshot

Screenshot linked in hacking

LinkedIn has told Bloomberg, which reported the complaint, that the lawsuit is without merit.

Thousands of invitations

The heart of the complaint involves LinkedIn’s practice of encouraging people to invite others to their network when they sign up with the service or, if they’re existing members, to expand their network.

If a user agrees, LinkedIn sends out an “invitation to connect” to all of the user’s contacts. If the contacts don’t respond, the service then send outs out two more reminder emails.

According to the complaint, the LinkedIn sign up process is deceptive and doesn’t clearly inform users that it will “spam” their contacts. The plaintiffs are a former ad manager for the New York Times, a professor, a lawyer and a movie producer. Their complaint, which is a request to sue on behalf other LinkedIn users across America, also object to the fact that LinkedIn does not provide an easy way to retract the multiple follow-up invitations.

The complaint also claims that LinkedIn often emails thousands of messages without disclosing it will do so:

Since Linkedln routinely takes well over 1,000 email addresses from a user’s external email account, it displays only a very small fraction of those email addresses on the “Why not invite some people?” screen.

The practice has given rise to hundreds of complaints on LinkedIn’s own website, says the claim, from people who accuse the company of sending spam, and putting them in embarrassing personal and professional situations:

I’m not the only one being hacked by linkedin, but extremely upset at the repercussions. one of the people on my contact list is mentally ill and the last thing I wanted was to invite her to be my connection on linkedin.

The lawsuit says the practice amounts to a violation of the Wiretap Act, the Stored Communications Act and a variety of California privacy and right of publicity laws. The suit seeks millions in damages, in part by noting that, on LinkedIn’s own pricing scheme, it costs $10 to send an email to someone with whom a user is not connected.

A growth strategy for LinkedIn

LinkedIn’s aggressive email solicitations are part of a strategy to boost revenue by increasing its user base, according to the complaint. The increase in users allegedly makes it easier for the company to pull in more money from its three revenue sources: selling its database to job recruiters; advertising to users; selling premium accounts to subscribers.

LinkedIn is not the only company that has come under fire for using invasive tactics to grow its user base. Path, a photo-based social network, has been criticized for scraping users contact lists in order to send messages to promote the app.

LinkedIn, meanwhile, has long been a hit with investors though in, recent months, the media has expressed more skepticism with stories like “All LinkedIn with Nowhere to go.”

Here’s the complaint. I’ve underlined the key legal bits and some of the juicy stuff:

LinkedIn Hacking

You’re subscribed! If you like, you can update your settings

  1. Very interesting…

  2. Load of rubbish. LinkedIn makes it clear that this is what it is requesting when it does this.

    It is about the only ‘useful’ social media site there is…

    Brian

    1. I know a person who was victimized by this. Shareholders before customers – not a good philosophy if you want to keep customers.

    2. Yah, I agree. LinkedIn has become a load of rubbish. LinkedIn does NOT make it clear what it is requesting. Let’s see what the court thinks. LinkedIn is useful, but only to the extent that it’s a very good electronic phonebook. The rest is a scam of epic proportions. If you don’t realize all LinkedIn wants is to sell personal data, then I’d like to sell you a keyword for $100 (six for $500).

    3. I’m not so sure it is rubbish. I think the heart of the matter is it wasn’t quite clear what you were allowing LinkedIn when you made the “choice” to share your email contacts, so you can connect on LinkedIn with other professionals. I’ve been bombarded with a ton of people accepting my invitation to connect when it was not my intention to connect with half these people.

      Regardless, of whether the “sharing” of email contacts was clear or not, I find it extremely unclear how to “unshare” my list of email contacts LinkedIn now has.

    4. I guess that depends on how you define ‘useful’…

  3. I’ve seen people that have just emailed me, that aren’t a first or second tier contact and definitely not in my address book show up immediately in LinkedIn as a suggested connection. For example, company reps using their company email address.

  4. Does LinkedIn primarily make their money thru Ads, if so what do you expect a Ad revenue company to do. The customer is the product, to be sold to the highest bidder,
    similar to Google farming Free Gmail accounts for information. Your privacy isn’t their concern.

  5. Spam is spam is spam. I gave up on Linkedin when the automatically created a profile that said I worked for Google because I had Gmail address.

  6. I found that Facebook did the same thing when I joined. Their lack of integrity is why I never used Facebook.

  7. Christopher Mowers Saturday, September 21, 2013

    Hmmm… When are people outside the industry going to understand that “hacking” doesn’t mean anything illicit. Hence, hackathon…look it up.

  8. Where do we sign up?

  9. A friend of mine kept sending me requests from his linkedin account. This went on for months. I thought he was pranking. He swore he has not sending them.

    Now we know,

  10. Also, if you have not logged out of your LinkedIn account and you search for a person’s name in a search engine, such as Google, it appears that you have viewed that person’s LinkedIn profile when you have not. http://community.linkedin.com/questions/77445/linked-in-recording-a-visit-to-a-profile-just-from.html

Comments have been disabled for this post