14 DAY TRIAL // In February, the beta version of an email finder tool called SellHack was released. The app is a browser extension that enables users to find the hidden email addresses of LinkedIn users. However, experts have found that SellHack is not as innocent as it looks, and LinkedIn wants it removed.
SellHack is a browser extension that works with Chrome, Firefox and Safari. After it’s installed in the web browser, when users visit someone’s LinkedIn profile, they’re presented with a “Hack In” button.
When it’s pressed, SellHack starts searching the Web for the targeted user’s email address. If an exact match is not found, the tool tries to guess the address.
The application doesn’t hack into LinkedIn and it only relies on publicly available data to come up with the email address. Its creators say it started as an internal email finder tool which they used for prospecting.
However, some internauts have found that SellHack is actually collecting email addresses, social media usernames and other information from the pages visited by the user and sends it back to its servers.
“I have a suspicion this app is harvesting all your LinkedIn contacts, uploading them to the app.sellhack.com server, and then as a ‘reward’ for you giving up all that info, you can pull other contacts back out of sellhack.com. If so, this is basically a Chrome virus,” Hacker News user pdq noted.
“Yup, that's exactly what it's doing. It's grabbing mailto's, email addresses, twitter handles, etc off pages you see – from you & your connections – and sending them back to its server,” responded the user eli after analyzing the source code. “By using this extension you are compromising your friends' privacy!”
LinkedIn urges users who have installed SellHack to uninstall the extension and ask its developer to remove collected data from their servers. The professional social media platform’s representatives have told Yahoo Tech that a cease and desist letter has already been sent to SellHack due to “several violations.”
“We advise LinkedIn members to protect themselves and to use caution before downloading any third-party extension or app. Often times, as with the SellHack case, extensions can upload your private LinkedIn information without your explicit consent,” LinkedIn Senior Manager of Corporate Communications Krista Canfield told Yahoo Tech.
Softpedia has reached out to the creators of SellHack to see if they want to comment on the accusations. We’ll update the article if they respond to our inquiry.
Update. SellHack has decided to deactivate the plugin for the time being. The company wants to develop a new version that doesn't violate LinkedIn's terms of service. Check out our follow-up on this story.