WingNews logo WingNews GitHub [2]
top | item 8366988

Has LinkedIn lost control of its user email database?

53 points| ColinWright | 11 years ago | reply

The email address that I created exclusively for my (much reviled) LinkedIn account has just received a virus. Does this mean their database of user emails has been leaked? Compromised? Sold?

Or are their systems just sufficiently poor that the email has leaked through other means?

36 comments

order
[+] 0898|11 years ago|reply
Your connections can see your email address: http://www.ianharris.com/linkedin-email/
[+] jaebrown|11 years ago|reply
WOW!!! Didn't know that. It could explain why connecting with someone you know is so important. When I think about it: Here is a situation that has a happened a couple of times in the past couple of years: Someone request to connect with me, we have a lot of the same connections and they really look like an all-star but there is no picture. I connected on the feeling "Why Not, a lot of my connections are connected to this person". I then get emails as if I subscribed to a much smaller service similar to a Monsters.com or Dice.com for technology related positions. I also get recruiters sending me emails for directly, and in one instance a recruiter called the main line to my employer and asked to speak with me and got transferred over.

I've always wondered how these things were taking place but never took the time to investigate because of how infrequent the occurrences were. It usually takes a while to unsubscribe from these services via email, so I just mark as SPAM. I just looked and they're still sending stuff, at least some are. I just removed all people I didn't know from shaking their hand from my connections; which includes recruiters that only request invitation to connect to talk about a job opportunity.

I wonder if LinkedIn knows about this sort of Growth Hacking type of SPAM or just doesn't care?

[+] digibo|11 years ago|reply
And I finally found a good reason to close my account. Thank you.
[+] larzang|11 years ago|reply
How could you tell the difference from the regular LinkedIn experience?
[+] spindritf|11 years ago|reply
Speaking of e-mail leaks, has Tumblr?

I started receiving spam (the dumbest, v1agra type) to [email protected] which I think I have only used for tumblr and years ago since I let my account be purged at some ToS change a while back. Although I might have also used it for a service merely associated with tumblr.

[+] Wilya|11 years ago|reply
Yes. I have an address which I'm sure hasn't been used for anything except registering on Tumblr, and it started receiving spam about two months ago.
[+] skuhn|11 years ago|reply
I have also started receiving spam at my tumblr-only address.
[+] jordsmi|11 years ago|reply
Yea they must have. I have a domain that is a catch all address and I have a bunch of tumblrs that are random things like hn3@email, hn4@email, derp@email, and all 10+ of them get the spam emails
[+] askew|11 years ago|reply
I would not put it past spammers to be trying this angle when generating addresses. Low-hanging fruit and all.
[+] smtddr|11 years ago|reply
Ya know, in the past 2 weeks I got "cold-call" emailed from recruiters directly to my personal email; not through LinkedIn's InMail feature. One from life360.com and another from jut.io. That hasn't happened to me in over 6 years and the recruiters seem to know what my LinkedIn profile info says. But, it's a gmail and I know that if you get my gmail from anywhere and put it into "https://plus.google.com/u/0/up/search", you can find my G+ which links to my LinkedIn.

I've been wondering how they got my email...

[+] laxatives|11 years ago|reply
There are several companies that work on crawling public pages and matching profiles to identities to provide recruiters work experience, phones, and emails like entelo and gild.
[+] Joeboy|11 years ago|reply
I generally register to every service with a different email address. The main ones I get spam to are the ones for Adobe, Groupon, Lastfm, Linkedin and oddly Battersea Arts Centre.

Edit: That's based on a quick look in my spam folder, not anything statistically sound.

[+] JohnTHaller|11 years ago|reply
Could be. Or it could be a server on either end. Or a connection in between. Email is inherently insecure. So, even though you have an SSL connection to your server when you send your email and they have an SSL connection to their server when they receive it, your two servers make a plaintext connection to actually send the email from one to the other.
[+] rbxs|11 years ago|reply
Or a tool that just generates random mailaddresses ending with a popular e-mailprovider domain.
[+] incision|11 years ago|reply
Coincidentally, in the past two weeks - this week in particular I've been seeing a load of crap sent to my address registered with LinkedIn which is otherwise spam-free.

I'd guess it's related to LinkedIn or GitHub as this particular address is only publicly/semi-publicly used on those two sites.

[+] realusername|11 years ago|reply
I also had the same problem, I've received 2/3 spams to the linkedin address in the past two weeks and never received any before.

They are also passing the gmail filter which is quite impressive in itself.

[+] zippergz|11 years ago|reply
I thought LinkedIn had a contact sync app that people can run to pull all of their LinkedIn contacts into their own address book. If so, could it be that one of your connections ran that, and their machine is compromised?
[+] 0x0|11 years ago|reply
It leaked a year or two ago. I had to change my listed address and SMTP REJECT the old one due to the amount of spam it received. Glad I had listed a linkedin-specific address that I could burn.
[+] kiwifree|11 years ago|reply
I am highlighting very dirty technique used by LinkedIn. LinkedIn mined my emails without my consent. I have four separate gmail accounts to keep things separate. I am 200 % sure I never linked other three gmail accounts on linkedin. LinkedIn used my current email id , went through all of my emails , matched it with other gmail accounts, mined other gmail accounts and started forcing me to accept contacts from mined data. Its very hideous way to increase member count. I now wonder is almost every San Francisco company is highly unethical ? Be it google , Uber, Yelp, LinkedIn on and on. Why american business can't be honest with their customers?
[+] dublinben|11 years ago|reply
These companies are generally abusive to their 'users' because their real customers are different. Google and Yelp's customers are advertisers, who want access to your information and attention. LinkedIn's customers are obnoxious recruiters who want to farm your information and contacts.
[+] kromodor|11 years ago|reply
There are days in which I ponder what made LinkedIn a success. It was obviously not their UX.
[+] mahouse|11 years ago|reply
Some spammers send spam to made up email addresses, hoping someone will receive it.
[+] FractalNerve|11 years ago|reply
I got spam after adobe got hacked... never received a single spam mail before. Wish Adobe had to pay for that! But I'm afraid to register at LinkedIn, because that means I'd to give the last remaining bit of privacy just to get a job. There must be another way to connect to the right people...