- The Kardashians receiving backlash for food fight Instagram post Today 10:26 AM
- How to stream Artem Lobov vs. Jason Knight in BKFC Today 9:00 AM
- Lizzo sued by Postmates runner she accused of stealing her food Today 8:39 AM
- How to stream Jan Blachowicz vs. Ronaldo ‘Jacare’ Souza on UFC Fight Night Today 8:00 AM
- How to watch Georgia vs. Auburn live Today 6:30 AM
- How to stream Navy vs. Notre Dame live Today 3:30 AM
- The actor who played Greedo is just as confused by ‘maclunkey’ as you are Friday 4:57 PM
- AirPods are getting that sweet, sweet Black Friday price drop Friday 4:24 PM
- Looking for a Nintendo Switch? Black Friday deals are here Friday 4:04 PM
- Facebook copies Instagram with experimental ‘Popular Photos’ feature Friday 3:58 PM
- This iPhone app says it will alert you if you’ve been hacked Friday 2:43 PM
- ‘Marvel’s Hero Project’ is the wholesome content 2019 needs Friday 2:40 PM
- Get more out of VSCO with VSCO search Friday 2:09 PM
- Twitter carves out ‘cause-based’ advocacy exemption in political ads ban Friday 2:06 PM
- Disney+ accounts are being hacked—here’s how to protect yourself Friday 1:52 PM
Sell Hack, the plugin that culled LinkedIn’s database, has been shut down
The founders of a browser extension that digs up email addresses say they’re just dads from the midwest… but LinkedIn was smart to take them down.
The browser extension Sell Hack, which allowed people to hack into LinkedIn’s email database, no longer works. When it was up and running, anyone could pull up the email address of anyone else who used LinkedIn. The extension worked well, and it worked quickly; it took me less than a minute to pull up the email address of my boss.
LinkedIn responded with a cease-and-desist letter, but Sell Hack shows no signs of backing down; the startup defended itself on its blog. “We’ve been described as sneaky, nefarious, no good, not ‘legitimate’ amongst other references by some. We’re not. We’re dads from the Midwest who like to build Web and mobile products that people use,” they wrote, promising to make another version of the product that doesn’t violate LinkedIn’s Terms of Service.
LinkedIn doesn’t have any plans to continue fighting Sell Hack. “Our goal was to stop this activity and Sell Hack’s plugin has been shutdown. End of story,” Krista Canfield, the Senior Manager of Corporate Communications for LinkedIn, told the Daily Dot.
Sell Hack insists it’s a benign marketing tool that uses public information. But Adam Kujawa, the head of malware intelligence at Malwarebytes, still thinks the startup is shady, and worth keeping a close eye on.
“It looks like Sell Hack keeps a database of personal information collected,” said Kujawa. “It then searches this database and provides the user of the extension a known email address of the person.” It’s basically a higher-tech marketing email list compiled through information extracted from LinkedIn… but there was no way for users to opt-out.
And sure, Sell Hack might be operated by genial dads, but it’s still something that could be an invasive nuisance for LinkedIn users. If they took this phishing method to another network like Facebook, it could get even more obnoxious—imagine if Sell Hack could unearth phone numbers through Facebook, for instance. Great for marketers, terrible for nearly everyone else.
But Kujawa emphasized that Sell Hack wasn’t breaking any laws. “While this is ‘technically’ legal—advertisement and marketing companies do in-depth searches for leads based on open source information all the time—the app itself might be dangerous to users if it is reporting personal information about the user and their contacts back to the Sell Hack database,” he said. “From a non-legal but highly annoying standpoint, these email addresses and namely the database Sell Hack uses could be sold to spam pushers, increasing the amount of spam users receive in their inbox—even if they have never used that email for anything more than a log-in.”
Kujawa doesn’t think Sell Hack is using a glitch in LinkedIn’s code to do this information phishing (which is why it’s not illegal), but noted that the way the company streamlines the information-hunting is what makes it so insidious.
Of course, LinkedIn gives users who sign up for its premium service a chance to send messages to other users’ inboxes via InMail, but this is something more users are aware of when they sign up for the service.
Illustration by Jason Reed
Kate Knibbs is a notable tech reporter and pop culture essayist. A former staff writer for the Daily Dot, her work has appeared in Gizmodo, the Ringer, AV Club, Digital Trends, Popular Mechanics, and Time.