LinkedIn, the owner of the world’s most popular professional-networking website, was sued by customers who claim the company appropriated their identities for marketing purposes by hacking into their external e-mail accounts and downloading contacts’ addresses.
The customers, who aim to lead a group suit against LinkedIn, asked a federal judge in San Jose, California, to bar the company from repeating the alleged violations and to force it to return any revenue stemming from its use of their identities to promote the site to non-members, according to a court filing.
“LinkedIn’s own website contains hundreds of complaints regarding this practice,” they said in the complaint filed on Tuesday, which also seeks unspecified damages.
LinkedIn claims to have the largest online professional network with more than 238 million members, including executives from every Fortune 500 company. Its chief executive, Jeff Weiner, is quoted in the complaint as saying on a second-quarter earnings call: “This strong membership growth is due in large part to new growth optimisation efforts.”
LinkedIn fell 2.1 per cent on Friday in New York to close at US$243.90 a share.
Doug Madey, a spokesman for the Mountain View, California-based company, said the lawsuit was without merit.
“LinkedIn is committed to putting our members first, which includes being transparent about how we protect and utilise our members’ data,” he said.
LinkedIn required members to provide an external e-mail address as their user name on its site, then used the information to access their external email accounts when they were left open, according to the complaint.
“LinkedIn pretends to be that user and downloads the e-mail addresses contained anywhere in that account to LinkedIn’s servers,” they said. “LinkedIn is able to download these addresses without requesting the password for the external email accounts or obtaining users’ consent.”
Brian Guan, a LinkedIn software engineer, described his role on the company’s website as “devising hack schemes to make lots of $$$ with Java, Groovy and cunning at Team Money!” according to the complaint. Java is a programming language and computing platform released by Sun Microsystems in 1995. Groovy is a another language for the Java platform.
The plaintiffs, who are seeking a jury trial, provided a link to the engineer’s post, http://www.linkedin.com/in/brianguan, which they said they last visited on September 13.
The customers blamed the use of their contacts on LinkedIn’s strategy, which they quoted from a regulatory filing, to “pursue initiatives that promote the viral growth of our member base”, according to the complaint.
Deborah Lagutaris, whose LinkedIn profile describes her as a tax preparer, real estate broker and former law clerk, said LinkedIn contacted more than 3,000 people in her name, including those copied in on her email messages.
“This means that not only direct email contacts but peripherals” were used, she said. “I contacted LinkedIn and they said: ‘Oh, you can remove all those invitations from your account manually. We don’t know what happened.’”
Instead, she said she added a disclaimer to her LinkedIn page saying she hadn’t sent the invitations.
Jeffrey Barr of Livingston, New Jersey, said that he estimated LinkedIn used as many as 200 names and email addresses of his contacts, inviting them to connect with him on the site.
“Some of the people I hadn’t talked to in five to 10 years, including several old girlfriends I had forgotten to delete,” he said.
LinkedIn told him he had not unchecked a default setting allowing it to use the emails, he said.
According the complaint, it was part of LinkedIn’s growth initiative also to send multiple emails endorsing its products, services, and brand to potential new users, following up with additional messages to people who did not sign on.
The existing users have no way to stop the process, the plaintiffs said.
“These ‘endorsement emails’ are sent to email addresses taken from LinkedIn users’ external e-mail accounts including the addresses of spouses, clients, opposing counsel, etc,” according to the complaint.
The actions were taken even though LinkedIn assures its users when they log in, “We will not email anyone without your permission,” the plaintiffs said.
“LinkedIn’s appropriation of email addresses to send multiple reminder emails promoting its service is motivated by monetary gain,” they said.
* Bloomberg News
