There’s some trouble at the world’s most formidable social media outlet for business professionals and jobseekers. It’s been revealed that a new tool called “Sell Hack” allowed people to hack into the social media network’s profiles and email addresses.
According to the BBC, “Sell Hack” is available as a free extension to the Chrome browser, and once installed, will pop up a “hack-in” button on LinkedIn profiles. Users can then find the email addresses associated with the account even if they are not connected.
The professional network says it is taking legal action over the plug-in and has advised users to uninstall it. LinkedIn also sent a cease and desist letter to Sell Hack, which has since disabled the plug-in.
“We are building a better product that does not conflict with LinkedIn’s terms of service,” it said on its blog. Sell Hack also said on the blog that the company only “processed publicly visible data from LinkedIn based on your profile permissions…all of which has been deleted.sed via a web browser add-on tool,” it has been revealed.
But the social network for professionals is hoping to unplug Sell Hack.
“We are doing everything we can to shut Sell Hack down. On 31 March LinkedIn’s legal team delivered Sell Hack a cease-and-desist letter as a result of several violations,” a spokesman told the BBC.
“LinkedIn members who downloaded Sell Hack should uninstall it immediately and contact Sell Hack requesting that their data be deleted.” He said that members should “use caution” before downloading any third-party extension or app.
“Often times, as with the Sell Hack case, extensions can upload your private LinkedIn information without your explicit consent,” he said.
Meantime, Computerweekly.com reports that Sell Hack did not actually hack LinkedIn profiles to reveal the email addresses associated with them.
“Instead, Sell Hack made use of publicly available information on the net combined with ‘best guesses’ to determine the likely contact details for an individual,” independent security analyst Graham Cluley wrote in a blog post.
LinkedIn has confirmed that no LinkedIn data has been compromised and Sell Hack is not the result of a security breach, bug or vulnerability. Sell Hack has confirmed receipt of the cease-and-desist letter from LinkedIn and said the plugin no longer works on LinkedIn pages.