LinkedIn Customers Allege Company Hacked E-Mail Addresses

LinkedIn Corp., owner of the world’s most popular professional-networking website, was sued by customers who claim the company appropriated their identities for marketing purposes by hacking into their external e-mail accounts and downloading contacts’ addresses.

The customers, who aim to lead a group suit against LinkedIn, asked a federal judge in San Jose, California, to bar the company from repeating the alleged violations and to force it to return any revenue stemming from its use of their identities to promote the site to non-members, according to a court filing.

“LinkedIn’s own website contains hundreds of complaints regarding this practice,” they said in the complaint filed Sept. 17, which also seeks unspecified damages.

LinkedIn claims to have the largest online professional network with more than 238 million members, including executives from every Fortune 500 company. Chief Executive Officer Jeff Weiner is quoted in the complaint as saying on a second-quarter earnings call, “This strong membership growth is due in large part to new growth optimization efforts.”

LinkedIn fell 2.1 percent yesterday in New York Stock Exchange trading to close at $243.90.

Doug Madey, a spokesman for Mountain View, California-based LinkedIn, said the lawsuit is without merit and the company will fight it.

‘Members First’

“LinkedIn is committed to putting our members first, which includes being transparent about how we protect and utilize our members’ data,” he said yesterday in an e-mail.

LinkedIn required the members to provide an external e-mail address as their username on its site, then used the information to access their external e-mail accounts when they were left open, according to the complaint.

“LinkedIn pretends to be that user and downloads the e-mail addresses contained anywhere in that account to LinkedIn’s servers,” they said. “LinkedIn is able to download these addresses without requesting the password for the external e-mail accounts or obtaining users’ consent.”

In a post today on the LinkedIn blog, Blake Lawit, the company’s senior director of litigation, said the allegation that LinkedIn breaks into the e-mail accounts of members who choose to upload their address books to the site is not true.

The company doesn’t access customers’ e-mail accounts without their permission, he said. Nor does LinkedIn “pretend” to be a customer to gain access to the user’s e-mail account, he said.

‘Never Send’

“We never send messages or invitations to join LinkedIn on your behalf to anyone unless you have given us permission to do so,” Lawit wrote.

LinkedIn software engineer Brian Guan described his role on the company’s website as “devising hack schemes to make lots of $$$ with Java, Groovy and cunning at Team Money!” according to the complaint. Java is a programming language and computing platform released by Sun Microsystems in 1995. Groovy is a another language for the Java platform.

The plaintiffs, who are seeking a jury trial, provided a link to the engineer’s post,, which they said they last visited Sept. 13.

Guan left the company in May 2012, Shannon Stubo, a LinkedIn spokeswoman, said today in an e-mail.

‘Viral Growth’

The customers blamed the use of their contacts on LinkedIn’s strategy, which they quoted from a regulatory filing, to “pursue initiatives that promote the viral growth of our member base,” according to the complaint.

In an e-mail to Bloomberg yesterday, Deborah Lagutaris, whose LinkedIn profile describes her as a tax preparer, real estate broker and former law clerk, said LinkedIn contacted more than 3,000 people in her name, including those copied in on her e-mail messages.

“This means that not only direct e-mail contacts but peripherals as well,” were used, she said. “I contacted LinkedIn and they said, ‘Oh, you can remove all those invitations from your account manually. We don’t know what happened.’”

Instead, she said she added a disclaimer to her LinkedIn page saying she hadn’t sent the invitations.

Jeffrey Barr of Livingston, New Jersey, said in an e-mail that he estimated LinkedIn used as many as 200 names and e-mail addresses of his contacts, inviting them to connect with him on the site.

‘Old Girlfriends’

“Some of the people I hadn’t talked to in five to 10 years, including several old girlfriends I had forgotten to delete,” he said.

LinkedIn told him he hadn’t unchecked a default setting allowing it to use the e-mails, he said.

According the complaint, it was part of LinkedIn’s growth initiative also to send multiple e-mails endorsing its products, services, and brand to potential new users, following up with additional messages to people who didn’t sign on.

The existing users have no way to stop the process, the plaintiffs said.

“These ‘endorsement e-mails’ are sent to e-mail addresses taken from LinkedIn users’ external e-mail accounts including the addresses of spouses, clients, opposing counsel, etc.,” according to the complaint.

The actions were taken even though LinkedIn assures its users when they log in, “We will not e-mail anyone without your permission,” the plaintiffs said.

“LinkedIn’s appropriation of e-mail addresses to send multiple reminder e-mails promoting its service is motivated by monetary gain,” they said.

The lead lawyer handling the customers is Larry Russ of Russ August & Kabat PC in Los Angeles.

The case is Perkins v. LinkedIn Corp., 13-cv-04303, U.S. District Court, Northern District of California (San Jose).

Before it's here, it's on the Bloomberg Terminal.