Four plaintiffs filed a class-action suit in US district court in San Jose on Friday claiming that LinkedIn used its member’s identities without consent and broke into their third party e-mail accounts to send promotional e-mails to the members’ contact lists. The 46-page complaint details many instances in which users complained to LinkedIn about this practice, especially in instances where LinkedIn sent e-mails to “the addresses of spouses, clients, opposing counsel, etc.”
LinkedIn, the plaintiffs claim, “provides no functional way to stop multiple subsequent advertising e-mails from being sent.” The plaintiffs say that the extent of the data-gathering was not adequately conveyed in the Terms of Service.
“If a LinkedIn user leaves an external e-mail account open,” the complaint continues, “LinkedIn pretends to be that user and downloads the e-mail addresses contained anywhere in that account to Linkedln’s servers. LinkedIn is able to download these addresses without requesting the password for the external e-mail accounts or obtaining users’ consent.”
This “hacking” appears to stem from LinkedIn’s “Grow your network on LinkedIn” page encouraging users to click a button on the page, which allows the company to slurp up the contacts list of the third-party e-mail account with which the member signed up, if the member is logged into that e-mail account in the same browser. If the user is not logged into their third-party e-mail account, LinkedIn allegedly requests the password for that account “to ostensibly verify the identity of the user,” although the company then apparently uses the password to get access to the user’s contacts…