Join us at TNW Conference 2022 for insights into the future of tech →

The heart of tech

This article was published on October 24, 2011

LinkedIn fixes bug which exposed celebrities’ email addresses

LinkedIn fixes bug which exposed celebrities’ email addresses
Martin Bryant
Story by

Martin Bryant

Founder

Martin Bryant is founder of Big Revolution, where he helps tech companies refine their proposition and positioning, and develops high-qualit Martin Bryant is founder of Big Revolution, where he helps tech companies refine their proposition and positioning, and develops high-quality, compelling content for them. He previously served in several roles at TNW, including Editor-in-Chief. He left the company in April 2016 for pastures new.

LinkedIn has patched a bug identified yesterday by a Dutch user of the service, which allowed him access to high profile people’s email addresses.

Posting initially about the bug to Twitter yesterday, Dennis Albinus of Aamigoo, claimed to have obtained the email addresses of Bill Gates and Ashton Kutcher among others through the technique, which took advantage of a problem with the way sent invitations were handled by the service.

Many celebrities and high profile people protect their profiles by requiring users to know their email address before sending a contact request through LinkedIn. A bug in service’s iPhone app (which still works as of now) allows anyone to send a contact request to those people without needing their email address.

However, thanks to another bug (now fixed), by jumping over to the LinkedIn website, these invitations were showing up in the ‘Sent messages’ section, allowing you to ‘reply all’ – sending an email containing the invite to both the invitee and yourself. Albinus found that these emails, once received in him email inbox, contained the address of the person he’d invited in the ‘cc’ field. A long-winded process, but one that those who protected their email addresses would be unlikely to be happy about.

Albinus has forwarded some of the email addresses he obtained this way to The Next Web, confirming that the technique worked as of  yesterday. He also sent us an email from LinkedIn which confirms that they have fixed the bug and thanking him for his help.

However, it appears you can still send contact requests to people who have protected their accounts via the LinkedIn iPhone app, so there’s still most definitely a bug there that still needs fixing.

Lot Keijzer, Marketing Director at LinkedIn in the Netherlands tells us:

“Last night a LinkedIn user alerted us to a ‘bug’. Linkedin has acted and replied immedialty and the bug has been fixed. We appreciate that our users are paying attention and are alerting us”

Image Credit / Nan Palmero