The BBC is reporting that the email addresses of LinkedIn users can be exposed via a web browser add-on. A LinkedIn spokesman told the BBC, "We are doing everything we can to shut Sell Hack down. On 31 March LinkedIn's legal team delivered Sell Hack a cease-and-desist letter as a result of several violations."
NCommander adds: Sell Hack is a plugin for Chrome that allows you to retrieve emails from LinkedIn itself. The article goes on to say that Sell Hack is complying with the cease and desist, but actual details remain somewhat light. If anyone is familiar with the inner workings of this plugin, I'll amend this article to include the details.
This isn't LinkedIn's first battle with third-party services.
Related Stories
regift_of_the_gods writes:
"The makers of Nutshell CRM, a web-based service for managing sales leads and workflow (screenshots here), have notified their customers that they will no longer be able to populate profiles with data from Linkedin accounts, after Linkedin informed Nutshell that it was violating the developer API's terms of use over a year and a half after Nutshell first announced the feature. It's hard to argue that Nutshell's Linkedin integration feature does not violate the Linkedin Developer API Terms of Service (specifically section C: 'If your application falls into one or more of the following categories, you are required to be part of one of our Partner Programs and have a signed agreement with LinkedIn... applications used for hiring, marketing, or sales...').
However, Nutshell's CEO says Linkedin representatives also informed him they weren't accepting applications for their Partner Program from CRM vendors at this time, leaving Salesforce and Microsoft (Dynamics) as Linkedin's sole partners in that space. Also, the TOS page notes it was last revised in August 2013; it's not immediately clear whether this clause was in place when Nutshell first announced Linkedin integration in May 2012. The CEO of Zartis, which runs a web service for tracking applicants, blogged his layman's interpretation of Linkedin's Developer API TOS sometime in 2013; his post makes no mention of a prohibition for sales or marketing."
(Score: 5, Insightful) by The Mighty Buzzard on Wednesday April 02 2014, @08:45PM
123
456
789
(Score: 2) by edIII on Wednesday April 02 2014, @09:06PM
Mod parent up.
LinkedIn is a ridiculous corporation that screams bloody murder when stuff like this happens.
From all the articles it's abundantly clear they have no idea whatsoever about how to have proper working security with their APIs. With that many security holes and instances of information leakage they need to stop bitching as if it's other people's fault.
It isn't. If you can't stop somebody from getting at the information with stupid low-level hacks you don't belong in the business you are in.
(Score: 0) by Anonymous Coward on Wednesday April 02 2014, @09:14PM
From reading the article it seems to me that LinkedIn's complaint is not actually about the e-mail thingy (which it doesn't seem to extract from LinkedIn) but the fact that it harvests the end user's LinkedIn data, it's spyware targeting their platform. Seems like a good thing to object to imo.
(Score: 3, Insightful) by Ethanol-fueled on Wednesday April 02 2014, @09:20PM
You can't go to any Linkedin profile anymore without being redirected to a login/create account page. 100% of the time, when not too long ago they'd at least let you view 1 or 2 profiles without the redirect.
Fuck 'em. If you're good enough at anything except social media you don't need a Linkedin account to get hired anyway.
(Score: 0) by Anonymous Coward on Wednesday April 02 2014, @09:33PM
Meh, I couldn't care less if they were a NSA funded microsoft developed version of facebook powered by the blood of sacrificed virgins. I've never been to their site, just interested in accurate discussion.
(Score: 1, Funny) by Anonymous Coward on Thursday April 03 2014, @12:26AM
I'm intrigued by this honorable service powered by sacrificed virgin blood, I wish to subscribe to your newsletter!
(Score: 5, Insightful) by Hairyfeet on Wednesday April 02 2014, @10:22PM
Or better yet why not just avoid that clusterfuck? Between the malware, the data breaches, frankly it ought to be obvious to anybody with a functioning brain that LinkedIn is nothing but a piss poor badly run mess, I mean how many times do they have to royally fuck things up before it's not worth messing with? If any client of mine asked for a Linkedin link I'd read them the laundry list of fuckups and tell them "I'm sorry but that website simply is too big of a security risk to use in good conscience" and that would be that.
(Score: 2) by TK on Thursday April 03 2014, @10:55AM
Do you happen to have that laundry list on hand?
The fleas have smaller fleas, upon their backs to bite them, and those fleas have lesser fleas, and so ad infinitum
(Score: 5, Interesting) by chebucto on Wednesday April 02 2014, @09:00PM
Also works with Firefox and Safari [sellhack.com].
It's not clear exactly how their extension worked, but it seems like they just trolled the net & made some educated guesses; it doesn't look like they exploited security-by-obscurity flaws on the part of Linkedin:
http://blog.sellhack.com/post/75825344472/why-we-built-sellhack [sellhack.com]
"SellHack is a browser extension (Chrome for now) that uses magic and JavaScript to render a ‘HackIn’ button on a Social Profile’s member’s profile page next to the Connections, Message or InMail buttons below the profile picture (depending on your relationship to that person). The magic happens when you click the ‘HackIn’ button. You’ll notice the page slides down and our system starts checking publicly available data sources to return a confirmation of the person’s email address or our best guesses. I love getting an email verification, but even when we can’t verify the email address, SellHack still saves me a ton of time. I don’t have to manually create the different permutations of what the person’s email address could be (ryan@, ryano@, rodonnell@ etc). There is always an option to copy our best guesses to your clipboard where you are free to check these against Rapportive or send your intro email to the addresses we provide as BCC."
(Score: 4, Funny) by linsane on Thursday April 03 2014, @02:41AM
So it does a formatting lookup based on other examples from the company the person is at? Doesn't sound like it is abusing an api to me, I do that regularly when stalking people...
(Score: 0) by Anonymous Coward on Thursday April 03 2014, @04:30AM
Looks like emails get exposed which conflicts with the summary that suggests it's email addresses we're talking here about... grumble grumble
(Score: 1) by RaffArundel on Thursday April 03 2014, @09:12AM
Correct, it doesn't even "hack" LinkedIn to get the address - it guesses it and then tries to confirm it with "publicly accessible data", whatever that may be. It looks like a sales/lead generation tool, with the express purpose of spamming.
I wonder if everyone would be so up in arms if they didn't use "Hack In" as the button name, or have a better plug-in name than "Sell Hack".