LinkedIn Denies Spamming, Tapping User Email

LinkedIn has rejected allegations that it makes a practice of tapping into users' private email accounts and exploiting their contact lists to send spam
LinkedIn has rejected allegations that it makes a practice of tapping into users' private email accounts and exploiting their contact lists to send spam

“We do not access your email account without your permission,” said Blake Lawit, senior director of litigation for LinkedIn, in a statement responding to the suit’s allegations. “Claims that we ‘hack’ or ‘break into’ members' accounts are false. We never deceive you by ‘pretending to be you’ in order to access your email account. We never send messages or invitations to join LinkedIn on your behalf to anyone unless you have given us permission to do so.” 

Four LinkedIn users, Paul Perkins, Pennie Sempell, Ann Brandwein and Erin Eggers, filed the complaint in US District Court on Tuesday for the Northern District of California, claiming that there are hundreds of users of the professional social network who have felt bad consequences from a policy that sees LinkedIn "hacking into" user email accounts, downloading address books, and then, under the guise of being the user, sends out marketing spam.

The suit claims that when a user signs up for LinkedIn and provides an email address, it then uses an algorithm of some kind to harvest addresses of those with whom the user has exchanged mail. The “spam” consists of a pitch to sign up for LinkedIn, followed by two reminders. The mails all contain the user’s picture and details, so it looks like a legit recommendation from peoples’ friends or coworkers.

The thing that has the plaintiffs in a bunch, however, is the concern that LinkedIn fails to clearly notify the user of the practice, let alone obtain his or her consent, according to the lawsuit:

The hacking of the users' email accounts and downloading of all email addresses associated with that user's account is done without clearly notifying the user or obtaining his or her consent. If a LinkedIn user leaves an external email account open, LinkedIn pretends to be that user and downloads the email addresses contained anywhere in that account to LinkedIn servers.

LinkedIn calls all of this “false accusations.”

“As we’ve said before, our core value at LinkedIn is Members First,” Lawit wrote. “This guides all the decisions that we make when it comes to our members, including how we communicate with them and how we use their data. That’s why we felt we needed to explain we believe that the claims in this lawsuit are without merit, and we wanted to correct the false accusations and misleading headlines.”

What’s Hot on Infosecurity Magazine?