A lawsuit seeking class action status was filed in federal court claiming that LinkedIn hacked into external email accounts of its members and sent out numerous spam invitations. While users were logged into web-based email accounts such as GMail, Yahoo! Mail, Microsoft mail and others, the social networking giant allegedly broke state and federal laws in accessing member accounts without their knowledge and permission. As has become commonplace, an employee's use of social media is cited as conspicuous additional proof of nefarious activity.
The LinkedIn Lawsuit - Privacy and Spam Accusations
Your email address is worth money - at least $10 per use says LinkedIn and as cited in the civil complaint. This is what the company charges subscribers for each "InMail" communication with a person who is not a linked connection to the member and thus not "in network." The plaintiffs (through their attorneys) claim that the company was deliberately engaged in an overzealous effort to find new subscribers when it broke California state computer fraud and abuse laws, privacy and rights of publicity laws, the Stored Communications Act and the Wiretap Act.
What makes this lawsuit more disconcerting than others is that LinkedIn was accused of using harvested email addresses to solicit new members in the guise of a user approved email. In other words, the company used its own "seal of trust" to send out emails to private contacts as a more effective way of new member conversion. The complaint cited several complaints on the LinkedIn website, including one from a distraught woman who had invitations to connect with her sent to a mentally disturbed person whose email address was contained in her private email account. Looking at LinkedIn's own website reveals a significant number of complaints about "hacking and spamming" by the company. One in particular which has dozens of comments from other members states:
When I finally joined, I made sure I did not tick anything that could be construed as permission to send invitation spam in my name. Yet now it's happening. Accessing people's email address lists without their permission, and sending spam in their name without asking, is not acceptable.
Principal Software Engineer Brags on Social Media?
The complaint alleges (and the company disputes) that LinkedIn's software engineer (who is currently "on sabbatical from high tech slacking") posted on Linkedln at some point that his role is “devising hack schemes to make lots of $$$ with Java, Groovy and cunning at Team Money!” On its company blog, in house counsel denies the allegations and asserts that LinkedIn's core value is "Members First." They assert that the company did not hack member accounts and that it would not conduct activities without the user's consent. This lawsuit challenges those assertions and places into question whether LinkedIn (1) provided adequate disclosure to members about its services and polices, (2) actually had member permission to perform these activities, and (3) regardless of whether they had permission, whether users adequately understood what was being harvested.
- Legal Practice:
- Rights - Privacy
- US Federal