A startup business which develops a JavaScript-based plug-in made headlines early this week for what has been described as a “nefarious” activity of scouring the personal email address of LinkedIn users. Turns out, there was a slight misconception about what really happened with the exposed email addresses, or how they were collected.
The legal team from LinkedIn, however, had done their job and ordered the Sell Hack team to pull the plug on its browser add-on that reportedly scrapes email address associated with millions of LinkedIn accounts. The cease-and-desist verdict stems from recent complaints that the Java tool is built to bring personally identifiable information to the open without prior consent of the user.
How the plug-in works
Sell Hack explains how the browser extension works. Once the plug-in is installed in any of the Chrome, Safari and Firefox browsers, a “Hack In” option is displayed for users to search for the profile owner’s email address. However, the extension does not perform the search through LinkedIn’s inner system but via an algorithm that scrapes publicly available data that Sell Hack’s automated system may deem to be connected with the profile page in question. In other words, if a user has opened access to his or her email address somewhere else on the Web, chances are, Sell Hack will be able to locate that data and display the result to the one who clicked the Hack In button.
Read also: Is Intro Really Safe? LinkedIn Tries to Dispel Security Fears
So the plug-in does not work everytime you try to search for a LinkedIn user’s email address. If that user is so secretive about his or her online identity, that will be the case. But there is a 100 percent chance that the tool will work if the profile in question belongs to a popular personality such as company executives, which dominate the LinkedIn world.
Sell Hack said in its blog:
“You’ll notice the page slides down and our system starts checking publicly available data sources to return a confirmation of the person’s email address, or our best guesses.”
The Sell Hack team has immediately taken down the extension, which as of this posting no longer is available on any LinkedIn profile page. The startup also said all data that have been gathered for the past two months were removed from its system storage.
LinkedIn also admitted that no sensitive data of its members has been compromised, a reassuring statement that the Sell Hack plug-in did not violate its policies whatsoever.
It can be recalled that LinkedIn in September 2013 faced court charges over complaints that it hacked into the address books of its members and then went on to send spam messages as part of an unsolicited marketing campaign. The spring cleaning and policing, therefore, should always begin at home, in this case within LinkedIn’s system before it raises the alarm on third-party applications.
Disclosure: We might earn commission from qualifying purchases. The commission help keep the rest of my content free, so thank you!