LinkedIn Sued For Hacking Users' Emails
The consumers, all Gmail users, allege that LinkedIn asked them to provide an email address when they signed up for the service, and then proceeded to harvest the email addresses of everyone they had ever exchanged messages with. The users say that LinkedIn never asked them for their passwords, but was nonetheless able to retrieve addresses of thousands of their contacts.
“The hacking of the users' email accounts and downloading of all email addresses associated with that user's account is done without clearly notifying the user or obtaining his or her consent,” they allege in their complaint, filed in U.S. District Court for the Northern District of California. “If a LinkedIn user leaves an external email account open, LinkedIn pretends to be that user and downloads the email addresses contained anywhere in that account to LinkedIn servers.”
It's not clear how LinkedIn allegedly accomplishes this. The complaint says that Google notified the users before sharing their data -- although that notification allegedly didn't specify that LinkedIn would be able to access addresses for everyone who had ever emailed the users. LinkedIn has not responded to requests for comment.
The users -- Paul Perkins, Pennie Sempell, Ann Brandwein, and Erin Eggers -- say that LinkedIn sent out at least three email invitations to people whose addresses had been harvested. The complaint provides an unusual degree of detail about the Web users who are suing: Perkins, a New York resident, formerly served as manager of international advertising sales for The New York Times, according to the complaint. Brandwein is a statistics professor at Baruch College in New York, Eggers is a film producer and former vice-president of Morgan Creek Productions in Los Angeles, and Sempell is a lawyer and author in San Francisco.
While they acknowledge in their complaint that LinkedIn asked them for permission to “grow” their networks, they also say that the service never said it would send a series of email invitations to their contacts. “Linkedln's accessing of email addresses far exceeds the authority and consent to which Linkedln users provide,” the Web users allege. “Linkedln does not inform its users that each email address appropriated from a user's external email account will be sent multiple emails inviting the recipient to join Linkedln with the user's endorsement.”
They are accusing LinkedIn of violating the federal wiretap law as well as California privacy laws, and are seeking class-action status.