dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
898
share rss forum feed


Stem Bolt
Aka Smiling Bob
Premium
join:2002-11-08
Cleveland, OH
kudos:2

1 recommendation

LinkedIn Accused of Hacking Customers Emails to Get Contacts

»www.businessweek.com/news/2013-0···ss-books

A few weeks ago I received multiple emails from LinkedIn (I'm not a member) in the name of an acquaintance of mine. I thought it odd but didn't realize it could have been related to something like this issue.



sivran
Opera ex-pat
Premium
join:2003-09-15
Irving, TX
kudos:1

Somehow I think it's more likely the users are at fault.
--
Oh, Opera, what have you done?



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to Stem Bolt

LinkedIn spam email is notorious at this point. Any received should be considered as spam.

If you have a LinkedIn account - I do - you can only view your messages via your account. If you send a message to another LinkedIn member, their default email account will not get any email.



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to Stem Bolt

Linkedln assures that they will not spam your contacts in your name unless you've approved to their terms&conditions.

»blog.linkedin.com/2013/09/21/set···sations/ Via Mikko Hypponen


mackey
Premium
join:2007-08-20
kudos:12

said by http://blog.linkedin.com/2013/09/21/setting-the-record-straight-on-false-accusations/ :

*) We do not access your email account without your permission. Claims that we "hack' or "break into' members" accounts are false.
*) We never deceive you by "pretending to be you' in order to access your email account.
*) We never send messages or invitations to join LinkedIn on your behalf to anyone unless you have given us permission to do so.

What's with all the exceptions? The first and 3rd ones practically admit to doing them as "permission" is most likely an already-checked-for-you box on the sign-up page (or a new, already checked box added to the account settings page for existing users) and the 2nd is wrong because it's not "you" they are deceiving, it's whoever's providing your e-mail service.

/M


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

I haven't had a chance to get my head wrapped around this as of yet but ...

quote:
LinkedIn Accused of Hacking Users’ Email Accounts. Here’s the Complaint.
»allthingsd.com/20130921/linkedin···mplaint/


shortckt
Watchen Das Blinken Lights
Premium
join:2000-12-05
Tenant Hell
reply to Stem Bolt

said by businessweek article :
LinkedIn required the members to provide an external e-mail address as their username on its site, then used the information to access their external e-mail accounts when they were left open, according to the complaint.

“LinkedIn pretends to be that user and downloads the e-mail addresses contained anywhere in that account to LinkedIn’s servers,” they said. “LinkedIn is able to download these addresses without requesting the password for the external e-mail accounts or obtaining users’ consent.”
Ok so a LinkedIn user creates an LI account using their email address as the login, and (hopefully) a different password than required to access that same email account. How does LI 'hack into' that external email account without the password? What do they mean by "when they were left open"?

sivran See Profile might be right, LI users are uploading or otherwise giving LI access to their external address book, then complaining when LI takes advantage of all those newly discovered email addresses. That's not to say that what LI is doing is right, but I don't see how else LI can gain access to any part of a user's external email account with just the email address and no password... unless I'm missing something.

I have a LI account but seldom look at it. When I logged in recently to change some settings to reduce the amount of email reminders they were sending me, I noticed that in the section "people you might know" (or something like that) was a link to the profile of a retired AT&T technician who I didn't really know, but I communicated with by email last year when I picked up some schematics he was giving away. The emails were exchanged entirely outside of LI, and we have no other connection within LI to my knowledge. All others listed in the "people you might know" section were either strangers, or ex-coworkers who were associated with me by a common employer listed in my profile.


red2

@fastwebnet.it

I believe that when you start out, LinkedIn asks the user to grant access to their address book to determine if any of those email contacts are on LinkedIn and that THEY might want to connect with. People mistakenly provide their password thinking it is necessary for LinkedIn to permit them to connect to people.

What users have NOT done is granted THEM access to complile all the email addresses in their address book and then write to anyone they have ever emailed, supposedly on the user's behalf, saying that they should join LinkedIn in order to connect, e.g. the guy on ebay or Craiglist they bought something from, their ex-wife, any company they've had contact with, government office, etc. LinkedIn emails them and if they don't repond, sends them two addtional "reminders".

I believe this issue is similar to a user being told to provide an email address so that customer service can contact them only to then find that, without authorization, this email address has now been provided to the sales department or to third parties.

Plenty of LinkedIn users, like those on Facebook, find the privacy policies are not well explained and that opting out once you've made a mistake is nearly impossible.