LinkedIn has patched a bug identified yesterday by a Dutch user of the service, which allowed him access to high profile people’s email addresses.
Posting initially about the bug to Twitter yesterday, Dennis Albinus of Aamigoo, claimed to have obtained the email addresses of Bill Gates and Ashton Kutcher among others through the technique, which took advantage of a problem with the way sent invitations were handled by the service.
Many celebrities and high profile people protect their profiles by requiring users to know their email address before sending a contact request through LinkedIn. A bug in service’s iPhone app (which still works as of now) allows anyone to send a contact request to those people without needing their email address.
However, thanks to another bug (now fixed), by jumping over to the LinkedIn website, these invitations were showing up in the ‘Sent messages’ section, allowing you to ‘reply all’ – sending an email containing the invite to both the invitee and yourself. Albinus found that these emails, once received in him email inbox, contained the address of the person he’d invited in the ‘cc’ field. A long-winded process, but one that those who protected their email addresses would be unlikely to be happy about.
Albinus has forwarded some of the email addresses he obtained this way to The Next Web, confirming that the technique worked as of yesterday. He also sent us an email from LinkedIn which confirms that they have fixed the bug and thanking him for his help.
However, it appears you can still send contact requests to people who have protected their accounts via the LinkedIn iPhone app, so there’s still most definitely a bug there that still needs fixing.
Lot Keijzer, Marketing Director at LinkedIn in the Netherlands tells us:
“Last night a LinkedIn user alerted us to a ‘bug’. Linkedin has acted and replied immedialty and the bug has been fixed. We appreciate that our users are paying attention and are alerting us”
Image Credit / Nan Palmero