April 2, 2014

Browser Extension Reveals Personal Email Addresses Of LinkedIn Members

redOrbit Staff & Wire Reports - Your Universe Online

The personal email addresses of LinkedIn's 260 million users can be easily obtained by installing a web browser add-on tool known as SellHack.

The free browser extension is remarkably easy to use, and is compatible with Chrome, Firefox and Safari. Once installed, it displays a pop up "Hack In" button on LinkedIn profiles, from which users can find the personal email addresses associated with any LinkedIn account -- even those of members to whom they have no connections.

However, this doesn’t mean SellHack is breaking into LinkedIn’s secure systems. Rather, the browser extension runs through an algorithm as a SellHack users visits a person’s LinkedIn page. The algorithm checks publicly available data to produce that person’s email address, or at least an educated guess.

“Once you install the browser extension, anytime you go to a Social profile page, you'll see a 'Hack In' button. If you click the button, we'll start to run the profile against our data sources. Often, we can return a validated email for you. If we don't received a validation response, we'll present a 'copy all' button to copy & paste the list for your own uses,” the SellHack website reads.

However, the extension is not without its downside. According to Yahoo Tech, which first reported the issue of SellHack, the browser extension watches where its users go, and gathers data from any site that is visited. However, it is not clear how this information is being used.

SellHack says it isn’t doing anything illegal, and isn’t stealing LinkedIn's private data since it simply uses publicly available information and compares it to other data across the web.

“The data we process is all publicly available. We just do the heavy lifting and complicated computing to save you time. We aren't doing anything malicious to a Social website. We think browser extensions are the best way to personalize an individual’s web experience,” the company said.

LinkedIn is taking the matter seriously, and has already taken legal steps to curb SellHack’s ability to obtain the email addresses of its members.

"We are doing everything we can to shut SellHack down. On 31 March LinkedIn's legal team delivered SellHack a cease-and-desist letter as a result of several violations," a company spokesman told BBC News.

"LinkedIn members who downloaded SellHack should uninstall it immediately and contact SellHack requesting that their data be deleted."

The spokesman advised members to "use caution" before downloading any third-party extension or app.

"Often times, as with the SellHack case, extensions can upload your private LinkedIn information without your explicit consent," he said.