The heart of tech is coming to the heart of the Mediterranean. Join TNW in València this March 🇪🇸

This article was published on July 29, 2019

LinkedIn fixed a flaw that let someone post a job opening for Google’s CEO position

LinkedIn fixed a flaw that let someone post a job opening for Google’s CEO position
Ravie Lakshmanan

LinkedIn has closed a loophole that allowed almost anyone to post a job listing on company pages without any authorization.

Netherlands-based recruiter Michel Rijnders discovered the problem and posted his findings on the Microsoft-owned professional social network.

The potentially serious flaw made it possible for users to post an unofficial job posting on nearly any company’s LinkedIn business page. These listings don’t just show up on the company’s “Jobs” page, but also on Google, which scrapes job listing information from different recruitment websites.

Usually, creating job postings requires a premium subscription, but Rijnders said he went on to create job postings for a Chief Executive Officer for Google and LinkedIn at no cost.

“When I create a job post for a company, no questions are asked. You recommend to receive applications via LinkedIn, but I can also set up an external url to which applicants for your job are redirected,” Rijnders wrote.

Posting fraudulent jobs without a company’s knowledge is a violation of its terms and service. In addition to fooling a candidate into applying for positions that are non-existent, it can be abused by bad actors to redirect job seekers to an external website that can collect their sensitive information.

After Rijnders made the post, LinkedIn’s head of trust and safety, Paul Rockwell, said in a comment that the company has removed the posting and that they’re working to resolve the issue that published his job listings.

In a statement to Adweek, LinkedIn later said it has patched what appears to be a bug that accidentally went live as part of a test that made it possible for small business to post some jobs for free:

This issue was caused by a bug in our online jobs experience that allowed members to edit the company after a job had already been posted. The issue has now been resolved. Fraudulent job postings are a clear violation of our terms of service. When they are brought to our attention, we quickly move to take them down. While we do allow companies to post on behalf of other companies (such as in the case of recruiting firms), this is only permitted with the knowledge of both parties.

Regarding free job postings, we have not historically had free job postings as part of the LinkedIn experience. However, we’re running a test that allows small and midsized businesses to post a limited number of jobs for free. This member was a part of that test.

Also tagged with