A free browser plugin for Chrome, Firefox and Safari called 'Sell Hack' is floating around the web. It allows users to view the hidden email address of any LinkedIn user, which means anyone can grab the email addresses that we use for professional purposes.
Once installed, the 'Sell Hack' plugin adds a 'Hack In' button to LinkedIn profiles and automatically mines the email addresses of LinkedIn users.
NOT A SECURITY BREACH
It's not a security breach. LinkedIn has confirmed that no LinkedIn data has been compromised; rather, this free extension relies on an algorithm that checks publicly available data in order to guess users' email addresses.
So without exploiting any loophole or vulnerability, Sell Hack is capable of predicting users' email addresses with OSINT (Open-Source Intelligence) techniques, i.e. from information collected from publicly available sources.
It is also possible that the Sell Hack extension is gathering data from users who have installed it: the plugin can watch your activity on the site and collect the information of any direct connection whose page you've decided to visit, so that Sell Hack can cross-serve the collected data to other users.
LinkedIn users who have downloaded Sell Hack should uninstall it immediately. "LinkedIn members who downloaded Sell Hack should uninstall it immediately and contact Sell Hack requesting that their data be deleted," LinkedIn officials warned.
LINKEDIN IS NOT HAPPY
The professional social network giant LinkedIn has decided to take legal action and has publicly criticised Sell Hack in statements. LinkedIn is pursuing the Sell Hack team for disclosing users' email IDs to users who are not connected to them.
"We are doing everything we can to shut Sell Hack down. On 31 March
LinkedIn's legal team delivered Sell Hack a cease-and-desist letter as a
result of several violations," a LinkedIn spokesman said.
IS IT LEGAL?
The developers of the Sell Hack tool explained, “The data we process is all
publicly available. We just do the heavy lifting and complicated
computing to save you time. We aren't doing anything malicious to a
Social website. We think browser extensions are the best way to
personalize an individual's web experience.”
On their website, under "How does it work?", Sell Hack answered: "If we don't receive a validation response, we'll present a 'copy all' button to copy & paste the list for your own uses: i.e. check your own data sources or BCC email the entire list etc." That means that if the service is not able to guess the user's email address, it will ask you to enter your emails database for further match-search.
SOLUTION
Two days back, LinkedIn sent a cease-and-desist notice to Sell Hack for violating the LinkedIn Terms of Service, and as a result the SellHack extension no longer works on LinkedIn pages. "SellHack plugin no longer works on LinkedIn pages," the developers stated.