The BBC is reporting that the email addresses of LinkedIn users can be exposed via a web browser add-on. A LinkedIn spokesman told the BBC, "We are doing everything we can to shut Sell Hack down. On 31 March LinkedIn's legal team delivered Sell Hack a cease-and-desist letter as a result of several violations."
NCommander adds: Sell Hack is a plugin for Chrome that allows you to retrieve emails from LinkedIn itself. The article goes on to say that Sell Hack is complying with the cease and desist, but actual details remain somewhat light. If anyone is familiar with the inner workings of this plugin, I'll amend this article to include the details.
This isn't LinkedIn's first battle with third-party services.
Mod parent up.
LinkedIn is a ridiculous corporation that screams bloody murder when stuff like this happens.
From all the articles it's abundantly clear they have no idea whatsoever about how to have proper working security with their APIs. With that many security holes and instances of information leakage they need to stop bitching as if it's other people's fault.
It isn't. If you can't stop somebody from getting at the information with stupid low-level hacks you don't belong in the business you are in.
From reading the article it seems to me that LinkedIn's complaint is not actually about the e-mail thingy (which it doesn't seem to extract from LinkedIn) but the fact that it harvests the end user's LinkedIn data; it's spyware targeting their platform. Seems like a good thing to object to imo.
You can't go to any LinkedIn profile anymore without being redirected to a login/create account page. 100% of the time, when not too long ago they'd at least let you view 1 or 2 profiles without the redirect.
Fuck 'em. If you're good enough at anything except social media you don't need a LinkedIn account to get hired anyway.
Meh, I couldn't care less if they were an NSA-funded, Microsoft-developed version of Facebook powered by the blood of sacrificed virgins. I've never been to their site, just interested in accurate discussion.
I'm intrigued by this honorable service powered by sacrificed virgin blood, I wish to subscribe to your newsletter!
Or better yet why not just avoid that clusterfuck? Between the malware, the data breaches, frankly it ought to be obvious to anybody with a functioning brain that LinkedIn is nothing but a piss poor badly run mess, I mean how many times do they have to royally fuck things up before it's not worth messing with? If any client of mine asked for a LinkedIn link I'd read them the laundry list of fuckups and tell them "I'm sorry but that website simply is too big of a security risk to use in good conscience" and that would be that.
Do you happen to have that laundry list on hand?
Just type "LinkedIn data breach" "LinkedIn email breach" and "LinkedIn malware" in any search engine and you'll have more than enough rope to hang anybody who wants you to use that mess. I may have it a little better than most as many come to me because I have the rep of knowing my shit, so when I say "that's crap" most go "well if the man says it's crap it's crap" and go on.
Then if they insist on having some sort of "anything but FB" social network I point them to G+, which does tend to be more IT/Nerd heavy, and when you look at security track records Google is one of the good ones. LinkedIn has had problems almost from day one and frankly I wouldn't trust them with data about my dead dog, much less with actually useful data that could be in any way misused. Of course I found out it was shit thanks to first hand experience, as I joined up soon after it was released using an email I ONLY use for clients, and whadda ya know? Less than 5 days after I share that account with LI this account gets buried in spam, an account that had been completely spam free before that BTW. Soon after, the first of the "LI security breach" articles showed up and I got a letter from them saying "Might want to change any passwords you may have used and all that as we got pwned". I closed my account and avoided that place like the clap ever since.
Also works with Firefox and Safari [sellhack.com].
It's not clear exactly how their extension worked, but it seems like they just trolled the net & made some educated guesses; it doesn't look like they exploited security-by-obscurity flaws on the part of LinkedIn:
So it does a formatting lookup based on other examples from the company the person is at? Doesn't sound like it is abusing an api to me, I do that regularly when stalking people...
..strictly for the lulz, ofc.
Looks like emails get exposed, which conflicts with the summary that suggests it's email addresses we're talking about here... grumble grumble
Correct, it doesn't even "hack" LinkedIn to get the address - it guesses it and then tries to confirm it with "publically accessible data", whatever that may be. It looks like a sales/lead generation tool, with the express purpose of spamming.
I wonder if everyone would be so up in arms if they didn't use "Hack In" as the button name, or have a better plug-in name than "Sell Hack".