A few days ago, Brian Krebs wrote a blog post that details a method of obtaining the LinkedIn e-mail addresses of its existing users. The method exploits the way LinkedIn connects people. When you make a new LinkedIn account, you are allowed to upload a list of e-mail addresses, and if any of those e-mails matches the e-mail of a LinkedIn user, LinkedIn will show you the profiles of those users.
The problem is that LinkedIn has no way of knowing if you actually know the individuals on your list. This allows spammers to harvest e-mails by uploading a list of e-mail addresses that potentially belong to celebrities. Because many people user their real names in their e-mail addresses, it isn’t surprising that at least some guesses are correct.
This exploit clearly highlights the danger in Continue reading LinkedIn Feature Exposes E-Mail Addresses