LinkedIn Hack Extension Disabled

News Article - Thursday, 03 April 2014 12:09

By: Kerry Butters Category: Security

A browser extension which allowed users to scrape hidden LinkedIn email addresses has been disabled by its makers after a cease and desist notice was issued by the professional networking site.

The extension, known as ‘Sell Hack’, allowed users to access the email address that was associated with each account, even if wasn’t visible to the public. When a user visited a profile, a ‘hack in’ button popped up. Whilst the company behind the product claimed that the data accessed was all publically available, LinkedIn, and no doubt many users, didn’t agree and threatened legal action.

Sell Hack has now disabled the plugin, saying that it is "building a better product that does not conflict with LinkedIn’s TOS”.

On the Sell Hack blog , the company further defended itself, saying that its intentions were never nefarious and that the team is made up of "dads from the midwest who like to build web and mobile products that people use”.

The extension was created for marketing professionals, it was further pointed out.

However, is this really good enough in an era when we all have concerns surrounding our privacy, especially when it comes to social networks and in the wake of the NSA scandal?

"We are doing everything we can to shut Sell Hack down. On 31 March LinkedIn's legal team delivered Sell Hack a cease-and-desist letter as a result of several violations," a spokesman for LinkedIn told the BBC .

"LinkedIn members who downloaded Sell Hack should uninstall it immediately and contact Sell Hack requesting that their data be deleted."

Whilst initial reports suggested that the extension exposed security vulnerabilities on LinkedIn, further investigation has revealed this not to be the case. It seems that instead, it "made use of publicly available information on the net combined with "best guesses” to determine the likely contact details for an individual,” according to security expert Graham Cluley .

He goes on to point out that the "Sell Hack team might do well to be a little more transparent if they release new versions of the tool, and be clearer about what they are doing and what they aren’t doing, if they want to gain the trust of internet users.”

It will be interesting to see if users of the tool continue using any new version that Sell Hack may release in the wake of the incident considering the privacy issues that the extension brings up. Currently, the tool can’t be described as ‘white hat’, so this will no doubt sway most genuine internet marketers away from using the plugin.

LinkedIn users tend to be professionals and the site is also often used for recruitment purposes.

Recent Articles