If you use LinkedIn, your email address can easily be exposed to anyone with access to a web browser, thanks to a Chrome extension called Sell Hack.
The tool, first noticed by Yahoo Tech, is easy to install after a quick visit to Sell Hack’s site. Once installed, a small “Hack In” button will appear on any LinkedIn profile. Users will then be able to dig up an email address associated with the user’s account even if they’re not “connected” via LinkedIn. A recent Sell Hack blog post notes that the site was created for marketing professionals “as an internal email finder tool for us to use when prospecting.”
It’s important to note that Sell Hack isn’t mining LinkedIn’s private data; rather it takes publicly available data (like name and work information) and then references that other publicly available data across the web to find an email address. In short, Sell Hack using is LinkedIn’s brand and visibility to sell its data service.
Here’s how Sell Hack describes the process :
The data we process is all publicly available. We just do the heavy lifting and complicated computing to save you time. We aren’t doing anything malicious to the LinkedIn website. We think browser extensions are the best way to personalize an individuals web experience. We love LinkedIn and are trying to make it better for the community.
While it’s not uncommon for these types of email database mining tools to pop up in marketing and sales circles, Sell Hack’s extension is unnerving due to the ease and, in our case, accuracy of finding a user’s email address.
For LinkedIn, the tool feels even more troublesome given that, until quite recently, the company was the only major social network without a blocking feature. LinkedIn rolled out a member blocking feature back in late February, after numerous reports that the company’s lax blocking policies were creating a “stalking problem” for some users.
Asked for comment on Sell Hack, a spokesperson for LinkedIn replied via email, “”We are currently looking into it.”
Update — March 31, 5:15 p.m.: In an email to BuzzFeed, LinkedIn spokesperson Krista Canfield wrote:
LinkedIn’s legal team is delivering Sell Hack a cease and desist letter as a result of several violations.
LinkedIn members who downloaded Sell Hack should uninstall it immediately and contact Sell Hack requesting that their data be deleted.
We advise LinkedIn members to protect themselves and to use caution before downloading any third-party extension or app. Often times, as with the Sell Hack case, extensions can upload your private LinkedIn information without your explicit consent.
Update — April 1, 6:23 p.m.: Sell Hack has taken down its product after LinkedIn’s cease and desist letter. They’ve also issued a clear and seemingly quite sincere blog post on the issue. Here is an excerpt:
- We received a C&D letter from LinkedIn on 3/31.
- This is not an April Fools hoax.
- SellHack plugin no longer works on LinkedIn pages.
- We only processed publicly visible data from LinkedIn based on your profile permissions…all of which has been deleted.
- LinkedIn stated: “No member data has been put at risk as a result of Sell Hack.”
- We are building a better product that does not conflict with LinkedIn’s TOS.
- We’ve been described as sneaky, nefarious, no good, not ‘legitimate’ amongst other references by some. We’re not. We’re dads from the midwest who like to build web and mobile products that people use.
- Recently been lauded with love (196x), awesome (87x) , ‘you guys f*cking rock’ (3x) amongst others.
- There are 300+ unanswered emails (and growing) in my inbox asking why the button isn’t working. We’ll get back to you before we sleep. Promise.
- We hit a previously record month for signups in one day!
- You are awesome!
- What else would you like to see since we’re taking a fresh look at things?
- It's Day 2 of the Democratic National Convention in Philadelphia. Here's what you need to know.
- Three Qaddafi henchmen who are wanted for embezzling millions from Libya have been found living comfortably in Britain.
- ISIS has claimed responsibility for a church attack that killed a priest in northern France on Tuesday.