Sell Hack extension exposes LinkedIn email addresses
LinkedIn is trying to shut down a browser extension that exposes the contact details of its members.
The Sell Hack extension for Google Chrome lets users view other LinkedIn members’ email addresses without first having to connect on the social networking site.
The extension adds a Hack In button to users’ profiles, which when clicked is supposed to reveal their email address – although in our brief tests, it merely provided an error message saying the service was suffering from heavy demand.
Sell Hack is not available through the Chrome Web Store, but can be freely downloaded from the developer’s own site. LinkedIn has, according to the BBC, sent the operators a cease and desist notice, but the site and the extension remain online.
It’s not clear how Sell Hack manages to circumvent LinkedIn’s privacy controls. Sell Hack’s website claims: “The data we process is all publicly available. We just do the heavy lifting and complicated computing to save you time. We aren’t doing anything malicious to the LinkedIn website.”
It’s conceivable that the Sell Hack extension scours the contact details of users, and the LinkedIn contacts of its users, allowing it to create its own database of email addresses that are provided on request.
LinkedIn warns that extensions “can upload your private LinkedIn information without your explicit consent”, and the Permissions info on the extension itself warns that it may access your data on LinkedIn.com.
“We are doing everything we can to shut Sell Hack down,” a LinkedIn spokesperson told the BBC. “On 31 March LinkedIn’s legal team delivered Sell Hack a cease-and-desist letter as a result of several violations.”
“LinkedIn members who downloaded Sell Hack should uninstall it immediately and contact Sell Hack requesting that their data be deleted.”