Federal Lawsuit Accuses LinkedIn of Hacking, Spamming

Article main image
Sep 22, 2013
This article is part of a series called News & Trends.

In a blog post Saturday, LinkedIn denied charges in a federal lawsuit that it hacked into users’ email accounts collecting addresses of their contacts in order to send them marketing messages.

“Quite simply, this is not true,” writes Blake Lawit, senior director, litigation at LinkedIn.

He was responding to a class action suit filed last week that alleges LinkedIn accessed users’ Gmail, Yahoo, and other email accounts by pretending to be the account owner.  On its website, the  Los Angeles firm of Russ August & Kabat says, “The class action lawsuit charges LinkedIn with violations of federal and state law,” and solicits others to “Tell us your story.”

In the lawsuit, the firm cites numerous examples of posts on LinkedIn’s community site complaining about LinkedIn sending invitations to their contacts without their permission or knowledge. Typical of the cited complaints in the lawsuit is this one, posted in March to LinkedIn’s Help Center:

Accessing my contacts so that I can see who I’d like to connect with is
one thing. Spamming my entire contact database of everyone I’ve ever
emailed is definitely black hat tactics at growing users. This included
people I know, don’t know, email addresses from people off
Craigslist, even mailing lists received an “invite to connect” from me
today. I did not click on “invite all.” In fact, I clicked on “skip this
step.” Very disappointing.

While there’s no indication LinkedIn responded to any of the online complaints or requests for help, Charles Caro, executive director of an employment assistance service, who’s quoted in the lawsuit, responded to one string, explaining:

At some point in the recent past you opened your email address book to LinkedIn for the purpose of sending out invitations and you clicked to proceed with the operation before you fully read and understood what was about to happen.

In opening your email address book to LinkedIn without fully reading the instructions you explicitly allowed LinkedIn to send an invitation to *every* email address stored in your email address book.

LinkedIn not only sent an invitation to each of the email addresses in your email address book but also LinkedIn will send out two (2) invitation reminders to each email address in your email address book.


Many others, though, took issue with his claim they gave their permission, insisting, as one poster did, that “LinkedIn has done something they were not authorized to do. If you Google this issue there are many people upset over this.”

Similarly, each of the four named plaintiffs insist they never authorized LinkedIn to access their email accounts, harvest the addresses of all their contacts, and send them invitations to join the company, then send followup reminders. The only way to stop the reminders is to manually click each one individually, a process the lawsuit claims takes about 20 seconds per contact.

Lawit, posting on behalf of LinkedIn, insists:

  • We do not access your email account without your permission. Claims that we “hack” or “break into” members’ accounts are false.
  • We never deceive you by “pretending to be you” in order to access your email account.
  • We never send messages or invitations to join LinkedIn on your behalf to anyone unless you have given us permission to do so.

Lawit’s post goes on to say, “We do give you the choice to share your email contacts, so you can connect on LinkedIn with other professionals that you know and trust. We will continue to do everything we can to make our communications about how to do this as clear as possible.”

However, New York Times blogger Vindu Goel, discussing LinkedIn’s signup process, which is where the issue begins, says, “It’s not hard to see how someone new to the service could accidentally send an invitation to everyone they know, including casual acquaintances and people they would rather not connect with ever again.”

“Instead of asking you to opt in by checking off which specific contacts you want to invite, LinkedIn requires you to opt out by unchecking the “select all” button. If you are not careful, hundreds of invitations can go out — no second thoughts or cooling-off period provided.”

In addition to the hacking claim,  the lawsuit also charges LinkedIn misappropriated the plaintiffs’ identify for commercial gain, violated of California’s unfair business practices and privacy laws, and committed a violation of the federal wiretap law.


This article is part of a series called News & Trends.
Get articles like this
in your inbox
Subscribe to our mailing list and get interesting articles about talent acquisition emailed weekly!