Skip to main content

LinkedIn shuts down Chrome add-on that revealed private email address

LinkedIn has reacted angrily to a free web-browser plug-in that undermined one of its biggest selling points – confidential profiles.

Related: Volunteer marketplace launches on LinkedIn for non-profits

The professional social network issued a cease-and-desist letter against SellHack, a Chrome extension that allowed the personal email addresses of its users to be revealed with the click of a button.

"We are doing everything we can to shut SellHack down. On 31 March LinkedIn's legal team delivered Sell Hack a cease-and-desist letter as a result of several violations," a spokesman told the BBC. "LinkedIn members who downloaded SellHack should uninstall it immediately and contact SellHack requesting that their data be deleted."

Thousands downloaded the extension that allows email addresses to be revealed even if a person is not a connection – something that goes against the grain of LinkedIn’s unique approach to professional networking.

Once installed, the Chrome extension placed a “hack in” button on LinkedIn profiles that, when clicked, reveals the email address of the user. The owners of SellHack have disabled the plug-in as a result of LinkedIn’s action and are already working on a new product.

“We are building a better product that does not conflict with LinkedIn’s TOS,” stated SellHack on its blog. “We’ve been described as sneaky, nefarious, no good, not ‘legitimate’ amongst other references by some. We’re not. We’re dads from the midwest who like to build web and mobile products that people use.”

LinkedIn takes a tough stance against those that try to compromise its service and filed a suit back in January against scammers that have created thousands of fake profiles in order to scrape data about LinkedIn members – something that flouts the social network’s policies.

Related: LinkedIn users targeted by spear-phishing scam

It has also been subject of a handful of hacks and to try to combat this it introduced two-factor authentication in May 2013 for all of its users.