The BBC is reporting that the email addresses of LinkedIn users can be exposed via a web browser add on. A LinkedIn spokesman told the BBC "We are doing everything we can to shut Sell Hack down. On 31 March LinkedIn's legal team delivered Sell Hack a cease-and-desist letter as a result of several violations"
NCommander adds: Sell Hack is a plugin for Chrome that allows you to retrieve emails from LinkedIn itself. The article goes on to say that Sell Hack is complying with the cease and desist, but actual details remain somewhat light. If anyone is familiar with the inner works of this plugin, I'll amend this article to include the details.
This isn't LinkedIn's first battle with third party services
Related Stories
regift_of_the_gods writes:
"The makers of Nutshell CRM, a web-based service for managing sales leads and workflow (screenshots here), have notified their customers that they will no longer able to populate profiles with data from Linkedin accounts, after Linkedin informed Nutshell that it was violating the developer API's terms of use over a year and half after Nutshell first announced the feature. It's hard to argue that Nutshell's Linkedin integration feature does not violate the Linkedin Developer API Terms of Service (specifically section C: 'If your application falls into one or more of the following categories, you are required to be part of one of our Partner Programs and have a signed agreement with LinkedIn... applications used for hiring, marketing, or sales...').
However, Nutshell's CEO says Linkedin representatives also informed him they weren't accepting applications for their Partner Program from CRM vendors at this time, leaving Salesforce and Microsoft (Dynamics) as Linkedin's sole partners in that space. Also, the TOS page notes it was last revised in August 2013; it's not immediately clear whether this clause was in place when Nutshell first announced Linkedin integration in May 2012. The CEO of Zartis, which runs a web service for tracking applicants, blogged his layman's interpretation of Linkedin's Developer API TOS sometime in 2013; his post makes no mention of a prohibition for sales or marketing."
(Score: 5, Insightful) by The Mighty Buzzard on Thursday April 03 2014, @12:45AM
My rights don't end where your fear begins.
(Score: 2) by edIII on Thursday April 03 2014, @01:06AM
Mod parent up.
LinkedIn is a ridiculous corporation that screams bloody murder when stuff like this happens.
From all the articles it's abundantly clear they have no idea whatsoever about how to have proper working security with their APIs. With that many security holes and instances of information leakage they need to stop bitching as if it's other people's fault.
It isn't. If you can't stop somebody from getting at the information with stupid low-level hacks you don't belong in the business you are in.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 0) by Anonymous Coward on Thursday April 03 2014, @01:14AM
From reading the article it seems to me that linkedins complaint is not actually about the e-mail thingy (which it doesn't seem to extract from linkedin) bu the fact that it harvests the end users linkedin data, it's spyware targeting their platform. Seems like a good thing to object to imo.
(Score: 3, Insightful) by Ethanol-fueled on Thursday April 03 2014, @01:20AM
You can't go to any Linkedin profile anymore without being redirected to a login/create account page. 100% of the time, when not too long ago they'd at least let you view 1 or 2 profiles without the redirect.
Fuck 'em. If you're good enough at anything except social media you don't need a Linkedin account to get hired anyway.
(Score: 0) by Anonymous Coward on Thursday April 03 2014, @01:33AM
Meh, I couldn't care less if they were a NSA funded microsoft developed version of facebook powered by the blood of sacrificed virgins. I've never been to their site, just interested in accurate discussion.
(Score: 1, Funny) by Anonymous Coward on Thursday April 03 2014, @04:26AM
I'm intrigued by this honorable service powered by sacrificed virgin blood, I wish to subscribe to your newsletter!
(Score: 5, Insightful) by Hairyfeet on Thursday April 03 2014, @02:22AM
Or better yet why not just avoid that clusterfuck? Between the malware, the data breaches, frankly it ought to be obvious to anybody with a functioning brain that LinkenIn is nothing but a piss poor badly run mess, I mean how many times do they have to royally fuck things up before its not worth messing with? if any client of mine asked for a Linkedin link I'd read them the laundry list of fuckups and tell them "I'm sorry but that website simply is too big of a security risk to use in good conscience' and that would be that.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 2) by TK on Thursday April 03 2014, @02:55PM
Do you happen to have that laundry list on hand?
The fleas have smaller fleas, upon their backs to bite them, and those fleas have lesser fleas, and so ad infinitum
(Score: 2) by Hairyfeet on Sunday April 06 2014, @04:11AM
Just type "LinkedIn data breach" "LinkedIn email breach" and "LinkedIn malware" in any search engine and you'll have more than enough rope to hang anybody who wants you to use that mess. I may have it a little better than most as many come to me because I have the rep of knowing my shit so when I say "that's crap"? most go "well if the man says its crap its crap" and go on.
Then if they insist on having some sort of "anything but FB" social network I point them to G+, which does tend to be more IT/Nerd heavy and when you look at security track records Google is one of the good ones. LinkedIn has had problems almost from day one and frankly i wouldn't trust them with data about my dead dog, much less with actually useful data that could be in any way misused. Of course i found out it was shit thanks to first hand experience as i joined up soon after it was released using an email I ONLY use for clients and whadda ya know? less than 5 days after I share that account with LI this account gets buried in spam, an account that had been completely spam free before that BTW. Soon after the first of the "LI security breach" articles showed up and i got a letter from them saying "Might want to change any passwords you may have used and all that as we got pwned". I closed my account and avoided that place like the clap ever since.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 5, Interesting) by chebucto on Thursday April 03 2014, @01:00AM
Also works with Firefox and Safari (a href [sellhack.com]).
It's not clear exactly how their extension worked, but it seems like they just trolled the net & made some educated guesses; it doesn't look like they exploited security-by-obscurity flaws on the part of Linkedin:
http://blog.sellhack.com/post/75825344472/why-we-b uilt-sellhack [sellhack.com]
"SellHack is an browser extension (Chrome for now) that uses magic and JavaScript to render a ‘HackIn’ button on a Social Profile’s member’s profile page next to the Connections, Message or InMail buttons below the profile picture (depending on your relationship to that person). The magic happens when you click the ‘HackIn’ button. You’ll notice the page slides down and our system starts checking publicly available data sources to return a confirmation of the person’s email address or our best guesses. I love getting an email verification, but even when we can’t verify the email address, SellHack still saves me a ton of time. I don’t have to manually create the different permutations of what the person’s email address could be (ryan@, ryano@, rodonnell@ etc). There is always an option to copy our best guesses to your clipboard where you are free to check these against Rapportive or send your intro email to the addresses we provide as BCC."
(Score: 4, Funny) by linsane on Thursday April 03 2014, @06:41AM
So it does a formatting lookup based on other examples from the company the person is at? Doesn't sound like it is abusing an api to me, I do that regularly when stalking people...
(Score: 0) by Anonymous Coward on Friday April 04 2014, @08:05AM
..strictly for the lulz, ofc.
(Score: 0) by Anonymous Coward on Thursday April 03 2014, @08:30AM
Looks like emails get exposed which conflicts with the summary that suggests it's email addresses we're talking here about... grumble grumble
(Score: 1) by RaffArundel on Thursday April 03 2014, @01:12PM
Correct, it doesn't even "hack" LinkedIn to get the address - it guesses it and then tries to confirm it with "publically accessible data", whatever that may be. It looks like a sales/lead generation tool, with the express purpose of spamming.
I wonder if everyone would be so up in arms if they didn't use "Hack In" as the button name, or have a better plug-in name than "Sell Hack".