LinkedIn has closed a loophole that allowed almost anyone to post a job listing on company pages without any authorization.
Netherlands-based recruiter Michel Rijnders discovered the problem and posted his findings on the Microsoft-owned professional social network.
The potentially serious flaw made it possible for users to post an unofficial job posting on nearly any company’s LinkedIn business page. These listings don’t just show up on the company’s “Jobs” page, but also on Google, which scrapes job listing information from different recruitment websites.
LOL. Never thought of the fact that the LinkedIn loophole would also make my jobpost for CEO of Google appear on Google Jobs. https://t.co/q5j8c2Elte
— Michel Rijnders (@rijnders) July 25, 2019
Usually, creating job postings requires a premium subscription, but Rijnders said he went on to create job postings for a Chief Executive Officer for Google and LinkedIn at no cost.
“When I create a job post for a company, no questions are asked. You recommend to receive applications via LinkedIn, but I can also set up an external url to which applicants for your job are redirected,” Rijnders wrote.
The <3 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!
LinkedIn is looking for a Chief Executive Officer. pic.twitter.com/mLlTQnKWi7
— Michel Rijnders (@rijnders) July 25, 2019
Posting fraudulent jobs without a company’s knowledge is a violation of its terms and service. In addition to fooling a candidate into applying for positions that are non-existent, it can be abused by bad actors to redirect job seekers to an external website that can collect their sensitive information.
After Rijnders made the post, LinkedIn’s head of trust and safety, Paul Rockwell, said in a comment that the company has removed the posting and that they’re working to resolve the issue that published his job listings.
In a statement to Adweek, LinkedIn later said it has patched what appears to be a bug that accidentally went live as part of a test that made it possible for small business to post some jobs for free:
This issue was caused by a bug in our online jobs experience that allowed members to edit the company after a job had already been posted. The issue has now been resolved. Fraudulent job postings are a clear violation of our terms of service. When they are brought to our attention, we quickly move to take them down. While we do allow companies to post on behalf of other companies (such as in the case of recruiting firms), this is only permitted with the knowledge of both parties.
Regarding free job postings, we have not historically had free job postings as part of the LinkedIn experience. However, we’re running a test that allows small and midsized businesses to post a limited number of jobs for free. This member was a part of that test.
Get the TNW newsletter
Get the most important tech news in your inbox each week.