September 23, 2013
LinkedIn Sued For Hacking Users’ Emails
Michael Harper for redOrbit.com - Your Universe Online
LinkedIn, the social network for professionals, has been hit with a class action lawsuit by users who claim the company hacked into their email address books. Users who are a part of the lawsuit say the company emailed their contacts on their behalf and invited recipients to join the network.
In a blog post, LinkedIn denounces the arguments and says they never email contacts without a user’s permission.
LinkedIn requires new users to enter an external email before they can begin using the service, a common practice used by nearly every website. The plaintiffs in the lawsuit say the professional network then uses this email address to send out invitations on behalf of the users if they forget to sign out of their inbox.
“LinkedIn pretends to be that user and downloads the e-mail addresses contained anywhere in that account to LinkedIn’s servers,” reads the complaint which was published by Bloomberg. “LinkedIn is able to download these addresses without requesting the password for the external e-mail accounts or obtaining users’ consent.”
This alleged practice becomes even more troublesome when former bosses, clients or spouses are contacted on behalf of the user.
“Not only does LinkedIn send an initial email to the email addresses obtained from a user's external email account, but LinkedIn sends two additional emails to those email addresses when those users do not sign up for a LinkedIn account. Each of these reminder emails contains the LinkedIn member's name and likeness so as to appear that the LinkedIn member is endorsing LinkedIn. These reminder emails are sent to the email addresses obtained from the member's external email account without notice or consent from the LinkedIn member,” continues the complaint.
LinkedIn refutes these claims, insisting that they do not break into users’ email accounts to send any emails. Furthermore, they say any emails to a user’s contacts are sent with permission.
“We do not access your email account without your permission. Claims that we “hack” or “break into” members’ accounts are false,” writes Blake Lawit, LinkedIn’s senior director of litigation in a company blog post.
“We do give you the choice to share your email contacts, so you can connect on LinkedIn with other professionals that you know and trust. We will continue to do everything we can to make our communications about how to do this as clear as possible.”
The complaint also points to a former LinkedIn employee who used his profile to brag about his job which allowed him to devise “hack schemes to make lots of $$$ with Java, Groovy and cunning.” According to a LinkedIn spokesperson, the engineer in question left in May 2012.
Following last year’s massive data leak and user password dump, some LinkedIn customers filed a class action lawsuit against the network for their allegedly lax attitude towards protecting user data. LinkedIn acknowledged their servers had been hacked on June 6, 2012 , an attack which left more than six million passwords vulnerable. The network claimed only four percent of users were affected by this leak.