LinkedIn denied over the weekend charges that the company breaks into the email accounts of its members without permission to harvest contacts' addresses.
A class action complaint by four users has charged the professional networking site with hacking into their external email accounts and downloading addresses of their contacts for monetary gain by repeatedly promoting its services to these contacts.
Paul Perkins, Pennie Sempell, Ann Brandwein, and Erin Eggers charged LinkedIn with breaking into "its users' third party email accounts, downloading email addresses that appear in the account, and then sending out multiple reminder emails ostensibly on behalf of the user advertising LinkedIn to non-members."
The so-called hacking of the user's email account and download of addresses is done without "clearly notifying the user or obtaining his or her consent," which is likely to emerge as the crux of the case.
LinkedIn does not access a user's email account without the user's permission, and claims that it hacks or breaks into members' accounts are false, Blake Lawit, senior director of litigation at LinkedIn, wrote in a blog post on Saturday. LinkedIn never deceives by "pretending to be you" in order to access the user's email account, Lawit wrote.
"We never send messages or invitations to join LinkedIn on your behalf to anyone unless you have given us permission to do so," he added.
New users signing in to LinkedIn are asked for the external email address as their user name, though they aren't told what it will be used for, according to the complaint filed last week in U.S. District Court for the Northern District of California.
If a LinkedIn user leaves an external email account open, LinkedIn is said to pretend to be that user and download the email addresses in that account to LinkedIn servers, according to the complaint. LinkedIn is able to download the addresses without requesting the password for the external email accounts or obtaining users' consent, according to the complaint.
If the LinkedIn user has logged out from his email applications, the network requests the user name and password of an external email account to ostensibly verify the identity of the user, and then, without notice or consent, attempts to access the user's external email account to download email addresses, according to the complaint.
LinkedIn does not inform its users that email addresses harvested from a user's external email account will be sent multiple emails inviting the recipient to join LinkedIn with the user's endorsement, the complaint said. Users have complained to LinkedIn about its "unethical harvesting" of email addresses and repeated spamming of those addresses, according to the complaint, which asks the court for damages and an order prohibiting LinkedIn from continuing its "wrongful and unlawful acts."