Tuesday, April 1, 2014

Email addresses of LinkedIn users exposed via a web browser add-on tool



I hope you are not using the same Email address for all your important accounts. (Are you?)

As usual, LinkedIn is defensive and goes the usual route of threatening Sell Hack. 
Why not take the easy way of coding securely? That should save a lot of trouble.


According to the article:- 

Sell Hack is available as a free extension to the Chrome browser that, once installed, will pop up a "hack in" button on LinkedIn profiles.

Sell Hack insisted that the tool was created for marketing professionals and that all data is publicly available.

But the social network for professionals did not agree.

"We are doing everything we can to shut Sell Hack down. On 31 March LinkedIn's legal team delivered Sell Hack a cease-and-desist letter as a result of several violations," a spokesman told the BBC.

The link below has more information:-



Update-1



The plug-in seems to be collecting publicly available data, and it looks like LinkedIn is trying to help the users, but I am not sure anything can be done, since the data is public anyway.

(from: http://www.tripwire.com/state-of-security/top-security-stories/sell-hack-plug-really-reveal-email-addresses-linkedin/ )

And that is likely the case, according to Yahoo columnist Alyssa Bereznak, who writes that the application reveals the account holder’s email address “by running through an algorithm while you’re on a person’s LinkedIn page. The algorithm checks publicly available data to produce that person’s email address, or at least its very best guess.”

(Here is the scary part)
Why all the fuss if the Sell Hack does not compromise LinkedIn’s security? Apparently when the plug-in is installed, users must grant it permissions which allow the software to monitor users’ activity and harvest data.

“The catch is, even after you’ve used SellHack, the extension is able to watch your activity on the site and collect the information of any direct connection whose page you’ve decided to visit,” wrote Bereznak. “What it’s using this information for is unclear.”
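The standing access described above is something a Chrome extension declares in its manifest, so it can be checked before installing. As an added example (not from the original post or from Sell Hack; the sample manifest and the function names are constructed for illustration), this script lists which declared permissions and content scripts let an extension keep running on a given site:

```javascript
// Added example: audit a Chrome extension manifest for access to one site.
// SAMPLE_MANIFEST is constructed for illustration; it is not SellHack's manifest.
const SAMPLE_MANIFEST = {
  manifest_version: 2,
  name: "example-profile-helper",
  permissions: ["tabs", "storage", "*://*.linkedin.com/*"],
  content_scripts: [
    { matches: ["https://www.linkedin.com/*"], js: ["inject.js"] },
    { matches: ["https://example.org/*"], js: ["other.js"] }
  ]
};

// API permissions that expose browsing activity beyond a single page.
const ACTIVITY_APIS = ["tabs", "webRequest", "webNavigation", "history", "cookies"];

// True if a Chrome match pattern (scheme://host/path) covers the given host.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?|file|ftp):\/\/([^/]*)\/.*$/.exec(pattern);
  if (!m) return false;                 // not a host pattern (e.g. "tabs")
  const patHost = m[2];
  if (patHost === "*") return true;     // any host
  if (patHost.startsWith("*.")) {       // a domain and all of its subdomains
    const base = patHost.slice(2);
    return host === base || host.endsWith("." + base);
  }
  return host === patHost;
}

// Report what the manifest lets the extension see on `host`.
function auditManifest(manifest, host) {
  // Manifest V2 lists host patterns under permissions, V3 under host_permissions.
  const declared = [...(manifest.permissions || []),
                    ...(manifest.host_permissions || [])];
  const hostAccess = declared.filter(p => patternCoversHost(p, host));
  const activityApis = declared.filter(p => ACTIVITY_APIS.includes(p));
  const injectedScripts = (manifest.content_scripts || [])
    .filter(cs => (cs.matches || []).some(p => patternCoversHost(p, host)))
    .flatMap(cs => cs.js || []);
  // Persistent: the extension runs on every visit to the site, not only on click.
  const persistent = hostAccess.length > 0 || injectedScripts.length > 0;
  return { hostAccess, activityApis, injectedScripts, persistent };
}
```

Calling `auditManifest(SAMPLE_MANIFEST, "www.linkedin.com")` reports the wildcard host permission, the `tabs` API and the injected `inject.js`, which together are what allow an extension to observe every profile page visited on the site.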
