Receive daily articles & headlines each day in your inbox with your free ERE Daily Subscription.

Not logged in. [log in or register]

Lawsuit Accuses LinkedIn of Hacking Users and Spamming Their Contacts

by Sep 22, 2013, 1:32 pm ET

linkedinIn a blog post Saturday, LinkedIn denied charges in a federal lawsuit that it hacked into users’ email accounts collecting addresses of their contacts in order to send them marketing messages.

“Quite simply, this is not true,” writes Blake Lawit, senior director, litigation at LinkedIn.

He was responding to a class action suit filed last week that alleges LinkedIn accessed users’ Gmail, Yahoo, and other email accounts by pretending to be the account owner.  On its website, the  Los Angeles firm of Russ August & Kabat says, “The class action lawsuit charges LinkedIn with violations of federal and state law,” and solicits others to “Tell us your story.”

In the lawsuit, the firm cites numerous examples of posts on LinkedIn’s community site complaining about LinkedIn sending invitations to their contacts without their permission or knowledge. Typical of the cited complaints in the lawsuit is this one, posted in March to LinkedIn’s Help Center:

Accessing my contacts so that I can see who I’d like to connect with is
one thing. Spamming my entire contact database of everyone I’ve ever
emailed is definitely black hat tactics at growing users. This included
people I know, don’t know, email addresses from people off
Craigslist, even mailing lists received an “invite to connect” from me
today. I did not click on “invite all.” In fact, I clicked on “skip this
step.” Very disappointing.

While there’s no indication LinkedIn responded to any of the online complaints or requests for help, Charles Caro, executive director of an employment assistance service, who’s quoted in the lawsuit, responded to one string, explaining:

At some point in the recent past you opened your email address book to LinkedIn for the purpose of sending out invitations and you clicked to proceed with the operation before you fully read and understood what was about to happen.

In opening your email address book to LinkedIn without fully reading the instructions you explicitly allowed LinkedIn to send an invitation to *every* email address stored in your email address book.

LinkedIn not only sent an invitation to each of the email addresses in your email address book but also LinkedIn will send out two (2) invitation reminders to each email address in your email address book.

LinkedIn post complaintMany others, though, took issue with his claim they gave their permission, insisting, as one poster did, that “LinkedIn has done something they were not authorized to do. If you Google this issue there are many people upset over this.”

Similarly, each of the four named plaintiffs insist they never authorized LinkedIn to access their email accounts, harvest the addresses of all their contacts, and send them invitations to join the company, then send followup reminders. The only way to stop the reminders is to manually click each one individually, a process the lawsuit claims takes about 20 seconds per contact.

Lawit, posting on behalf of LinkedIn, insists:

  • We do not access your email account without your permission. Claims that we “hack” or “break into” members’ accounts are false.
  • We never deceive you by “pretending to be you” in order to access your email account.
  • We never send messages or invitations to join LinkedIn on your behalf to anyone unless you have given us permission to do so.

Lawit’s post goes on to say, “We do give you the choice to share your email contacts, so you can connect on LinkedIn with other professionals that you know and trust. We will continue to do everything we can to make our communications about how to do this as clear as possible.”

However, New York Times blogger Vindu Goel, discussing LinkedIn’s signup process, which is where the issue begins, says, “It’s not hard to see how someone new to the service could accidentally send an invitation to everyone they know, including casual acquaintances and people they would rather not connect with ever again.”

“Instead of asking you to opt in by checking off which specific contacts you want to invite, LinkedIn requires you to opt out by unchecking the “select all” button. If you are not careful, hundreds of invitations can go out — no second thoughts or cooling-off period provided.”

In addition to the hacking claim,  the lawsuit also charges LinkedIn misappropriated the plaintiffs’ identify for commercial gain, violated of California’s unfair business practices and privacy laws, and committed a violation of the federal wiretap law.

This article is provided for informational purposes only and is not intended to offer specific legal advice. You should consult your legal counsel regarding any threatened or pending litigation.

  • Seth Quinn

    I use LinkedIn Recruiter just about everyday for work purposes and absolutely find it invaluable for recruiting. However, right hand up, that LinkedIn has done exactly what they are denying. I’m glad this has been addressed.

  • Charles Caro

    What those complaining always conveniently forget to mention is they explicitly gave their email address password to LinkedIn knowing they were about to send invitations to people listed in their email address book. The lawsuit is completely baseless because LinkedIn cannot be held responsible when its members fail to actually read and understand what they are doing before clicking to proceed. The users may not recognize all of the names on the invitations sent because the “default” setting for most email clients is to “save” the email address for *all* inbound messages regardless of whether or not the user “replies” or moves the message to the “junk” folder. Even though the feature is very poorly designed and implemented the LinkedIn member always has the option to not open their email address book, which would always be the “common sense” thing to do on the Internet.

  • Keith Halperin

    @ Charles: You have a point. LI has a “terms and conditions” for us to sign which basically says they can do anything they want and we can’t do anything, but “them’s the breaks” you typically get with a near-monopoly.

    -kh

  • http://www.techtrak.com Maureen Sharib

    Charles, I’ve noticed you busy defending LinkedIn in the comments sections on the big media sites – the NY and the LA Times.

    You’re mostly a lone voice in amongst the many, mostly haters on those but in here you’ll probably find a warm, welcoming reception.

    That’s because THIS community is loathe to criticize the darling that keeps pouring the poison syrup down their throats addicting them to a database that has been raised on the use of steroids.

    (Sorry, guys, that’s my take on it.)

    As one commenter after you Charles, on the NY Times string stated, the “crux of the problem is the user interface for this feature” as you had just pointed out to the audience, as you just did again here in the same post you posted there.

    That being said, and visiting LinkedIn’s Help Center and reading the hundreds (maybe thousands/ millions?) of comments and pleas for help and LinkedIn’s apparent willingness to ignore the problem (not a single LI response did I see!) doesn’t it seem to you that a RESPONSIBLE COMPANY would address the issue early on and not let something like this fester into a pustule that explodes onto everyone standing nearby?

    Here’s why they do nothing.

    If you read the lawsuit pages 24 through 27 lay out LinkedIn’s Business Case For Greed.

    http://www.linkedinclassaction.com/files/74631323.pdf

    It’s plain and simple: It profits them to trick people.

    Not only do they “trick” people by exploiting peoples’ own fallible understandings about how sophisticated Internet/social media sign-up procedures “work” (and if you read the lawsuit you’ll read the claim that LinkedIn’s is unusual in the convoluted, seemingly sleight-of-hand path it takes a new signee on) it tricks the worldwide (purchasing) audience about its own success (overblown membership numbers.)

    The ones who stand to be MOST HURT by this are the stockholders who have swallowed, like guppies, that hook of baloney about the wonder of membership numbers (that they themselves don’t understand but are naively self-convinced they should) and LinkedIn’s hype-strewn press about themselves.

    Maybe I shouldn’t say that. Let’s bring this closer to home. The ones who really stand to be most hurt by this are my recruiting and sourcing brethren who have drunk deep this cup of poison – but I’ve been saying that for some time now.

    LinkedIn is their own best press and they are seeing to it that they fast become a media empire to ensure that place in this world.

    The problem is they got called on the carpet earlier than they thought they would be.

    Maybe they even thought they’d get away with it but when the comedians on TV start making jokes about something and you become a laughingstock you’d best sit up and take notice. Yeah, you can smile with the audience but you better do some soul-searching.

    LinkedIn failed to do this, it seems.

    Whether or not it’s found LinkedIn did anything “legally” wrong (I happen to think they’re too smart to have gotten their teats caught in that trap) they’ve offended public sentiment IN A BIG WAY.

    There’s a saying:

    Trick me once, shame on you.
    Trick me twice, shame on me.

    LinkedIn is a gargantuan Goliath with a whole bunch of cash taken at a lot of our expenses and all we are are a bunch of Davids.

    We’ll see what happens next.

  • http://www.corcodilos.com/blog Nick Corcodilos

    Charles: I don’t think you have a point. A company that promotes integrity and honesty as touchstones of its online philosophy is using scummy methods to trick users into turning over their mail lists. I frankly don’t care if it’s legal because it’s in the 4-point type in the T&C’s. LinkedIn is screwing over its members. Trust and integrity matter. LinkedIn might win in court, but it will lose in the court of public opinion. And Reid Hoffman and Jeff Weiner can follow Marc Cenedella off the same cliff… But my bet is that an enterprising class action attorney will make something stick. The payday in court is just too big for smart lawyers to ignore. In the end, LinkedIn’s clever T&C move will be outdone by a lawyer’s clever brief.

  • Keith Halperin

    @ Nick: “integrity and honesty” is for customers, not the vendor. It’s like competition: fair and open competition for me UNTIL I win, then monopolistic practices and regulations and regulation to make sure I ALWAYS win…

    Cheers,
    Keith