LinkedIn is “breaking into” user emails, spamming contacts – lawsuit

In a damning class action complaint, LinkedIn users are accusing the company of “tunneling” into their email accounts in order to repeatedly spam anyone who has ever had had contact with them.

The complaint, filed this week in Los Angeles, accuses LinkedIn of violating laws related to hacking, wire-tapping and false endorsements. Users say the social network’s marketing practices have given rise to fear and embarrassment as a result of emails sent to business associates, ex-spouses and, in one instance, a mentally ill former contact.

The claims draw attention both to email privacy rights, and to the tactics underlying LinkedIn’s aggressive growth strategy.

“Breaking into” email accounts

According to the complaint, LinkedIn prompts users to enter an email address, and then uses the information to download every account from a user’s account such as Gmail or Yahoo. LinkedIn is allegedly able to do this so long as the user are logged into the email provider; if they are not, LinkedIn suggests they log-in:

users sign up for LinkedIn they are required to provide an external email address as their username and to setup a new password for their Linkedln account. LinkedIn uses this information to hack into the user’s external email account and extract email addresses. If a LinkedIn user leaves an external email account open, LinkedIn pretends to be that user and downloads the email addresses contained anywhere in that account to Linkedln’s servers. Linkedln is able to download these addresses without requesting the password for the external email accounts or obtaining users’ consent.

LinkedIn does not require the password to the email account, but is nonetheless able to download not just an “address book” but any address ever sent or received. The complaint says the tactic was a deliberate strategy by LinkedIn to add users and make money, and cites a former engineer who boasts of “hacking.” Here are screenshots (the engineer’s profile is still up here)

LinkedIN screenshot

Screenshot linked in hacking

LinkedIn has told Bloomberg, which reported the complaint, that the lawsuit is without merit.

Thousands of invitations

The heart of the complaint involves LinkedIn’s practice of encouraging people to invite others to their network when they sign up with the service or, if they’re existing members, to expand their network.

If a user agrees, LinkedIn sends out an “invitation to connect” to all of the user’s contacts. If the contacts don’t respond, the service then send outs out two more reminder emails.

According to the complaint, the LinkedIn sign up process is deceptive and doesn’t clearly inform users that it will “spam” their contacts. The plaintiffs are a former ad manager for the New York Times, a professor, a lawyer and a movie producer. Their complaint, which is a request to sue on behalf other LinkedIn users across America, also object to the fact that LinkedIn does not provide an easy way to retract the multiple follow-up invitations.

The complaint also claims that LinkedIn often emails thousands of messages without disclosing it will do so:

Since Linkedln routinely takes well over 1,000 email addresses from a user’s external email account, it displays only a very small fraction of those email addresses on the “Why not invite some people?” screen.

The practice has given rise to hundreds of complaints on LinkedIn’s own website, says the claim, from people who accuse the company of sending spam, and putting them in embarrassing personal and professional situations:

I’m not the only one being hacked by linkedin, but extremely upset at the repercussions. one of the people on my contact list is mentally ill and the last thing I wanted was to invite her to be my connection on linkedin.

The lawsuit says the practice amounts to a violation of the Wiretap Act, the Stored Communications Act and a variety of California privacy and right to publicity laws. The suit seeks millions in damages, in part by noting that, on LinkedIn’s own pricing scheme, it costs $ 10 to send an email to someone with whom a user is not connected.

A growth strategy for LinkedIn

LinkedIn’s aggressive email solicitations are part of a strategy to boost revenue by increasing its user base, according to the complaint. The increase in users allegedly makes it easier for the company to pull in more money from its three revenue sources: selling its database to job recruiters; advertising to users; selling premium accounts to subscribers.

LinkedIn is not the only company that has come under fire for using invasive tactics to grow its user base. Path, a photo-based social network, has been criticized for scraping users contact lists in order to send messages to promote the app.

LinkedIn, meanwhile, has long been a hit with investors though in, recent months, the media has expressed more skepticism with stories like “All LinkedIn with Nowhere to go.”

Here’s the complaint. I’ve underlined the key legal bits and some of the juicy stuff:

LinkedIn Hacking

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

  • Web startups: How to guard against security breaches
  • Frenemy mine: The pros and cons of social partnerships for online media companies
  • Social first-quarter 2013: analysis and outlook


GigaOM