It seems that LinkedIn has suffered yet another security breach, this time courtesy of a free extension to the Chrome browser that reveals the email addresses behind LinkedIn profiles with a simple button click, even when not connected.
The powerful LinkedIn has issued a Cease & Desist notice to try and stop the much smaller SellHack company from giving away the extension. As is often the case the larger company, with the disproportionately bigger legal budget, will probably win the day. Indeed, SellHack has already disabled the plugin.
Certainly we don’t condone SellHack’s actions in making it so simple to access confidential LinkedIn data that even a 2 year old with an Android tablet could do it. That’s obviously wrong. However simply making something harder to do doesn’t make it secure: LinkedIn please take note.
To my mind then the real problem here is that LinkedIn has some major security flaws in its system as we revealed just 3 weeks ago. I personally think LinkedIn would do better to attend to its evident security problems, rather than pick on those who expose them (regardless of how inappropriate that method of exposure may be). I’m beginning to wonder what LinkedIn security vulnerability will be revealed next: Sweepstake anyone?
One lesson here is of course never to trust any system that views you as a content-generating commodity item, and to ensure that you use a disposable email address to communicate with it.