3 Comments

Summary:

LinkedIn says it will take legal action against a site that lets anyone “Hack In” to find users’ email addresses. That’s good news, but also raises the question of why its possible to “hack in” in the first place.

linkedin

LinkedIn is urging people to stay away from Sell Hack, a sinister-sounding service that reveals the personal email address of anyone with a profile on the professional network. LinkedIn is warning that the service’s “Hack In” tool uploads confidential information, and says it has sent Sell Hack a cease-and-desist letter. [Update: in a blog post, Sell Hack says it has disabled the button]

Sell Hack is marketing the “Hack In” button to salespeople looking to reach new prospects. The company’s website claims that people who install its plug-in will be able to use the button to view the email contact of LinkedIn members with whom they’re not connected, such as LinkedIn CEO Jeff Weiner:

Hack In screenshot

The tool apparently works. Yahoo Tech, which first reported the story, posted screenshots of the “Hack In” button to show how it was easy to obtain the personal email of the “Princeton Mom.”

LinkedIn is not impressed. In an email statement, a spokesperson said the company sent Sell Hack a legal warning over “several violations.” It also cautioned its users:

We advise LinkedIn members to protect themselves and to use caution before downloading any third-party extension or app. Often times, as with the Sell Hack case, extensions can upload your private LinkedIn information without your explicit consent.

That’s not bad advice considering that little good comes out of installing mystery plug-ins, but one has to wonder what the heck is going on beyond LinkedIn’s curtain in the first place. As Emil Protalinski put it, “this type of trickery shouldn’t be possible in the first place.” It’s hard to imagine such stunts would be possible at Facebook or Google.

In a follow-up message, LinkedIn stated: “Sell Hack is not the result of a security breach, bug or vulnerability. No member data has been put at risk as a result of Sell Hack. LinkedIn is doing everything it can to shut Sell Hack down.”

Recall that LinkedIn is also facing a class action for allegedly “breaking into” user emails, and is also beating off another mysterious company that is using bots to steal its user profiles. Perhaps it’s time for the company to devote a little more time to security, instead of bombarding users with “endorsement” opportunities.

This story was updated at 11:55pmET to include LinkedIn’s further comment.

  1. “Perhaps its time for the company to devote a little more time to security, instead of bombarding users with “endorsement” opportunities.”

    A huge Amen to that.

    Share
  2. chris Andrews Wednesday, April 2, 2014

    Most linkedin members love linkedin, so back to basics guys…sort it out

    Share
  3. Montgomery Slade Wednesday, April 2, 2014

    Other than the poor name choice (Sell Hack sounds nefarious) these guys have done nothing wrong… or unique for that matter. There are half a dozen Chrome plug-ins that do the same thing. Derive and validate an email based on your name & company or use a social profile lookup service to get the emails associated with the public LinkedIn profile.

    Share

Comments have been disabled for this post