LinkedIn has become nearly a necessity in the business world. It started out to be as a place to connect, liaise, and “link” up, and now it’s become an important business tool. Moreover, it has become a go-to place for those seeking employment.
A loophole was found in the social network that allows users to post job openings on any company’s LinkedIn page. A Dutch recruiter discovered that he could post job openings for any company, even Google.
You have to admit that’s a huge loophole. It could lead to both nefarious individuals and practical jokers posting phony jobs to any company that has a LinkedIn profile.
While examining a phishing campaign that was aimed at LinkedIn users, sending them fake invitations to join a company that were attached to malware, Dutch recruiter Michel Rijnders discovered that the problem actually goes further with a security loophole allowing anyone to post jobs, not just hackers.
In his trials of this flaw, Rijnders was able to post ads looking to fill CEO vacancies at LinkedIn itself as well as Google. Doing his due diligence, he then contacted the social network to let them know of his discovery.
“Dear LinkedIn,” he wrote, “Everyone that pays a small amount of money can post a job on LinkedIn. It’s easy. You fill in a few details, like the employer. And that’s where the problem is. Everyone can post jobs that are assigned to any employer of their choosing.
“For example, I can post a job at LinkedIn – you recommend to receive applications via LinkedIN, but I can also set up an external URL to which applicants for your job are redirected,” he added. He also attached a screenshot of his job notice for chief executive officer at LinkedIn.
LinkedIn responded, assuring him they were not about posting fake jobs. “Thank you Michael Rijnders for bringing this to our attention,” read the response. We’ve removed the posting, and we’re resolving the issue that allowed this post to go live.
“LinkedIn is a place for real people to have real conversations about their careers,” continued the company. “It’s not a place for fake jobs — we are committed to stopping fraudulent jobs from ever reaching our members through automated technology and the help of our members reporting any suspicious job postings.”
This function went even further for Rijnders than what he expected. Former Google product manager Parthi Loganthan posted the Google Jobs ad for CEO at Google that was created by Rijnders.
“Applying to be the CEO of Google on LinkedIn. Sundar’s been doing a great job so far. $GOOG Q2 earnings were strong, so a little strange to see this opening,” quipped Loganthan regarding the current Google CEO Sundar Pichai.
Rijnders retweeted Loganthan and added, “LOL. Never thought of the fact that the LinkedIn loophole would also make my jjobpost for CEO of Google appear on Google Jobs.
LinkedIn followed up and told Adweek, “The issue has now been resolved. Fradulent job postings are a clear violation of our Terms of Service. When they are brought to our attention, we quickly move to take them down.”
He further explained this job-posting service is only allowed with the knowledge of both parties. “However, we’re running a test that allows small-/ and medium-sized businesses to post a limited number of jobs for free. This member was part of that test.”
Will This Hurt LinkedIn?
This obviously won’t hurt Google at all. It’s just amusing that you can post a fake job ad for Google CEO and have it reach the Google Jobs board.
However, this could harm LinkedIn. Perhaps people will begin to take it less seriously. Not like the social network is in danger of being viewed the same as Craigslist, but it could lose some of its reputation in this if too many nefarious individuals and pranksters take advantage of the loophole.
What do you think of the LinkedIn loophole? Do you think it will harm their reputation? Add your thoughts to our comments below.
Image Credit: Today Testing via Wikimedia Commons and Public domain