LinkedIn accused of hacking accounts

BREACH OF TRUST?:An engineer who no longer works at the firm described his role on the company Web site as designing hacking schemes to make money from software

Bloomberg

Mon, Sep 23, 2013 - Page 15

LinkedIn Corp, owner of the world’s most popular professional-networking Web site, was sued by customers who claim the company appropriated their identities for marketing purposes by hacking into their external e-mail accounts and downloading contact addresses.

The customers, who aim to lead a group suit against LinkedIn, asked a federal judge in San Jose, California, to bar the company from repeating the alleged violations and to force it to return any revenue stemming from its use of their identities to promote the site to non-members, according to a court filing.

“LinkedIn’s own Web site contains hundreds of complaints regarding this practice,” they said in the complaint filed on Sept. 17, which also seeks unspecified damages.

LinkedIn claims to have the world’s largest online professional network, with more than 238 million members, including executives from every Fortune 500 company.

Chief executive officer Jeff Weiner is quoted in the complaint as saying on a second-quarter earnings call: “This strong membership growth is due in large part to new growth optimization efforts.”

Doug Madey, a spokesman for Mountain View, California-based LinkedIn, said the lawsuit is without merit and the company will fight it.

“LinkedIn is committed to putting our members first, which includes being transparent about how we protect and utilize our members’ data,” Madev said on Friday in an e-mail.

LinkedIn required the members to provide an external e-mail address as their username on its site, then used the information to access their external e-mail accounts when they were left open, according to the complaint.

“LinkedIn pretends to be that user and downloads the e-mail addresses contained anywhere in that account to LinkedIn’s servers,” they said.

“LinkedIn is able to download these addresses without requesting the password for the external e-mail accounts or obtaining users’ consent,” they added.

In a post on Saturday on the LinkedIn blog, Blake Lawit, the company’s senior director of litigation, said the allegation that

LinkedIn breaks into the e-mail accounts of members who choose to upload their address books to the site is not true.

The company does not access customers’ e-mail accounts without their permission, he said.

Nor does LinkedIn “pretend” to be a customer to gain access to the user’s e-mail account, he said.

“We never send messages or invitations to join LinkedIn on your behalf to anyone unless you have given us permission to do so,” Lawit wrote.

LinkedIn software engineer Brian Guan described his role on the company’s Web site as “devising hack schemes to make lots of $$$ with Java, Groovy and cunning at Team Money!” according to the complaint.

Java is a programming language and computing platform released by Sun Microsystems in 1995. Groovy is a another language for the Java platform.

The plaintiffs, who are seeking a jury trial, provided a link to the engineer’s post, www.linkedin.com/in/brianguan, which they said they last visited on Sept. 13.

Guan left the company in May last year, LinkedIn said.

In an e-mail to Bloomberg on Saturday, Deborah Lagutaris, whose LinkedIn profile describes her as a tax preparer, real estate broker and former law clerk, said LinkedIn contacted more than 3,000 people in her name, including those copied in on her e-mail messages.

“This means that not only direct e-mail contacts, but peripherals as well,” were used, she said.

“I contacted LinkedIn and they said, ‘Oh, you can remove all those invitations from your account manually. We don’t know what happened,’” she added.

Instead, she said she added a disclaimer to her LinkedIn page saying she had not sent the invitations.

Jeffrey Barr of Livingston, New Jersey, said in an e-mail that he estimated LinkedIn used as many as 200 names and e-mail addresses of his contacts, inviting them to connect with him on the site.

“Some of the people I had not talked to in five to 10 years, including several old girlfriends I had forgotten to delete,” he said.

LinkedIn told him he had not unchecked a default setting allowing it to use the e-mails, he said.

According the complaint, it was part of LinkedIn’s growth initiative also to send multiple e-mails endorsing its products, services, and brand to potential new users, following up with additional messages to people who did not sign on.

The existing users have no way to stop the process, the plaintiffs said.

“These ‘endorsement e-mails’ are sent to e-mail addresses taken from LinkedIn users’ external e-mail accounts, including the addresses of spouses, clients, opposing counsel, etc,” according to the complaint.