LinkedIn Hacked Email Contacts, Class Says
(CN) - LinkedIn hacked into users' accounts, harvested their email contacts and then barraged those contacts with promotional spam, according to a federal class action.
"When users sign up for LinkedIn they are required to provide an external email address as their username and to set up a new password for their LinkedIn account," users claim in San Francisco Federal Court.
"LinkedIn uses this information to hack into the user's external email account and extract email addresses. If a LinkedIn user leaves an external email account open, LinkedIn pretends to be that user and downloads the email addresses contained anywhere in that account to LinkedIn's servers," including the addresses of former spouses, clients and opposing counsel.
Members say the business-networking site downloads these email addresses without users' consent, despite promising users that "[w]e will not email anyone without your permission."
LinkedIn then sends "multiple emails endorsing its products, services, and brand to potential new users," plus two follow-up "reminder emails," members claim.
They say a lead software engineer at LinkedIn even bragged about what the company does, posting on his LinkedIn profile that his role is "devising hack schemes to make lots of $$$ with Java, Groovy and cunning at Team Money!"
The hacking scheme allowed the company to expand its member base to 218 million, according to the 46-page complaint.
CEO Jeff Weiner chalked up LinkedIn's impressive growth to "optimization initiatives," which users say are actually its email-harvesting practices.
"Linkedln intentionally and knowingly created and developed this deceptive advertising scheme to improperly use the names, photographs, likenesses, and identities of plaintiffs for the purpose of generating substantial profits for Linkedln," the members claim.
Blake Lawit, senior director of litigation at LinkedIn, denied harvesting user email accounts without permission in a blog post on Saturday.
"Quite simply, this is not true," Lawit wrote.
"Claims that we 'hack' or 'break into' members' accounts are false," he added. "We never deceive you by 'pretending to be you' in order to access your email account. We never send messages or invitations to join LinkedIn on your behalf to anyone unless you have given us permission to do so."
Class members demand unspecified damages and restitution, plus legal expenses and attorneys' fees, for alleged violations of their publicity rights, the Unfair Business Practices Act, the Stored Communications Act, the Wiretap Act, the California Comprehensive Data Access and Fraud Act, and the California Invasion of Privacy Act.
They are represented by Larry Russ of Russ August & Kabat in Los Angeles.