LinkedIn is fighting a shady browser extension that unearths user email addresses

Attention, creeps and shameless networkers: There’s a new browser extension that lets you see the email address of anyone who’s on LinkedIn, and it’s horrifyingly easy to use. Sell Hack is a tool designed to help marketers find new people to spam with pitches, and its massively shady hacking trick highlights how easy it is to break through some of LinkedIn’s privacy settings.

You know how annoying it is when all you want is an email address and the only option is to try out LinkedIn premium to use InMail? Yeah, this just bypasses that. 

To test it, I looked up the Daily Dot editor Molly McHugh’s email, since we’ve never bothered connecting on LinkedIn. Right below her picture, the extension invited me to “Hack In.”

It took about a minute and one click to pull up her current work email. For reporters like us, that’s not the end of the world, since we make our email addresses publicly available anyway. But for people who try to guard their email addresses, this extension could invite a barrage of unwanted messages.

Then I decided to try some famous people. I looked up the account emails for the LinkedIn profiles of Marissa Mayer, Sean Parker, Eduardo Saverin, Deepak Chopra, and LinkedIn CEO Jeff Weiner. Deepak Chopra had the only email address that wouldn’t come up, because apparently there were 34 listed… so I suspect the new agey guru doesn’t have anything to do with his LinkedIn account. Mayer’s also looks fake—it pulls up six different Yahoo accounts. Saverin’s, which was the one I thought had the highest chance of being real since he’s most famous for being played by an adorable Andrew Garfield, gave his Facebook email addresses. Something tells me those are no longer functional. But out of these six tests, I had some potential winners. Parker’s email addresses looked believable, as did Weiner’s. Neither responded to my email request… but that doesn’t mean those aren’t the right addresses, or that they aren’t getting other unsolicited emails due to this extension.

LinkedIn is in the process of sending Sell Hack a cease-and-desist letter, so the extension may get shut down soon.  

“We advise LinkedIn members to protect themselves and to use caution before downloading any third-party extension or app. Often times, as with the Sell Hack case, extensions can upload your private LinkedIn information without your explicit consent,” LinkedIn Senior Manager of Corporate Communications Krista Canfield told the Daily Dot. “LinkedIn members who downloaded Sell Hack should uninstall it immediately and contact Sell Hack requesting that their data be deleted.”

That’s good advice, because if Sell Hack is shady enough to come up with an extension like this, it’s shady enough to use our data for evil. And if they aren’t, the people using it probably will. 

H/T Buzzfeed | Photo via Flickr/Nan Palmero (CC BY-SA 2.0)

 

Kate Knibbs


Kate Knibbs is a notable tech reporter and pop culture essayist. A former staff writer for the Daily Dot, her work has appeared in Gizmodo, the Ringer, AV Club, Digital Trends, Popular Mechanics, and Time.