LinkedIn caught spying on users’ browsers: sensitive data harvested

LinkedIn may have been spying on you, says an investigation that calls the practice one of “the largest corporate espionage and data breach scandals in digital history.”
- An investigation alleges LinkedIn secretly scans users' browsers for over 6,000 extensions, potentially affecting 405M people worldwide.
- Harvested extension data may reveal sensitive information including religious beliefs, political views, health conditions, and job-seeking activity.
- The report claims LinkedIn shares collected data with HUMAN Security, a cybersecurity firm with ties to Israeli intelligence unit veterans.
- LinkedIn firmly denies the allegations, stating browser detection is used solely to protect platform integrity and prevent scraping violations.
An investigation by Fairlinked e.V., a group representing commercial LinkedIn users, reveals that the popular business-focused social platform has been secretly collecting sensitive user data, potentially affecting 405 million people.
According to the report, LinkedIn deploys code on its website that scans users’ browsers for installed software, including browser extensions.
The code checks for thousands of specific extensions using their unique identifiers, compiles the findings, encrypts the data, and sends it to LinkedIn’s servers. According to the report, LinkedIn shares this data with third-party companies, including an American-Israeli cybersecurity firm, HUMAN Security.
All data extraction occurs silently in the background without explicit user consent and is not disclosed in LinkedIn’s public privacy policy.
That is stirring privacy controversy, because LinkedIn accounts reveal real identities, including users’ names, employers, and job titles, and any collected data could be linked with identifiable individuals.
The claims were published as part of the group’s “BrowserGate” campaign. The investigator group calls it one of the “largest corporate espionage and data breach scandals in digital history.”
What data is being harvested when you use LinkedIn?
Some of the browser extensions identified in the scan may indicate sensitive personal information, including religious beliefs, political views, health conditions, or whether a user is actively seeking employment.
According to the report, Microsoft injects malicious JavaScript into the LinkedIn website and searches each user’s browser for installed software applications. In total, LinkedIn scans for over 6,000 extensions.
“LinkedIn scans for extensions that identify practicing Muslims, extensions that reveal political orientation, extensions built for neurodivergent users, and 509 job search tools that expose who is secretly looking for work on the very platform where their current employer can see their profile,” the group said.
Under the European Union’s General Data Protection Regulation (GDPR), processing such categories of data typically requires explicit user consent. Fairlinked alleges that LinkedIn does not obtain this consent or disclose the practice.
LinkedIn is also reported to detect a wide range of competing software tools, including major platforms like Salesforce, HubSpot, and Pipedrive, potentially allowing it to map which companies rely on which services.
In total, the scan is said to cover more than 200 competing products, including tools such as Apollo, Lusha, and ZoomInfo.
Links to Unit 8200
According to the report, harvested LinkedIn data is shared with HUMAN Security (formerly White Ops), a cybersecurity firm founded in Brooklyn, New York, in 2012.
The company operates across two main areas: media security and enterprise security, focusing on detecting and preventing fraud, abuse, and unauthorized activity in digital environments.
In 2022, the company merged with Israeli company PerimeterX, founded by ex-officers of Unit 8200, a cyber warfare division within the Israeli Defense Forces (IDF).
The company boasts around $100 million in annual revenue.
LinkedIn denies any wrongdoing
LinkedIn firmly rejected the claims as inaccurate on Hacker News. According to the company, the individual behind the accusations had their account restricted due to scraping activities and other violations of LinkedIn’s Terms of Service. The company emphasized that its actions are rooted in safeguarding user privacy, maintaining data integrity, and ensuring platform stability.
According to LinkedIn, some extensions include static resources, such as images and JavaScript, that can be injected into the platform's webpages. LinkedIn says it can detect the presence of these extensions by checking whether that static resource URL exists. This detection is visible inside the Chrome developer console.
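The static-resource check described above only works against extensions whose manifest exposes files to web pages at a fixed URL. The following audit is an added example, not code from LinkedIn, Fairlinked or the report: it reads an extension's `manifest.json` and lists the resources a page on a given origin could test for. It assumes the documented Chrome semantics of `web_accessible_resources`, `matches` and `use_dynamic_url`; the sample manifests and function names are constructed for illustration.

```javascript
// Added example: which web-accessible resources can a page on `origin`
// reach at a stable chrome-extension:// URL? Sample manifests are constructed.

// Simplified match-pattern check (scheme and host only; the path is ignored).
function patternMatchesOrigin(pattern, origin) {
  if (pattern === '<all_urls>') return true;
  const m = /^(\*|https?):\/\/(\*|(?:\*\.)?[^/*]+)\//.exec(pattern);
  if (!m) return false;
  const url = new URL(origin);
  const scheme = url.protocol.slice(0, -1);
  if (m[1] === '*' ? !/^https?$/.test(scheme) : m[1] !== scheme) return false;
  const host = m[2];
  if (host === '*') return true;
  if (host.startsWith('*.')) {
    const base = host.slice(2);
    return url.hostname === base || url.hostname.endsWith('.' + base);
  }
  return url.hostname === host;
}

// Returns the resource paths exposed to `origin` at a fixed URL.
function probeableResources(manifest, origin) {
  const war = manifest.web_accessible_resources || [];
  if (manifest.manifest_version === 2) return war.slice(); // MV2: any origin
  return war
    .filter((e) => !e.use_dynamic_url && // dynamic URL changes per session
      (e.matches || []).some((p) => patternMatchesOrigin(p, origin)))
    .flatMap((e) => e.resources);
}

// Constructed sample manifests (not real extensions).
const samples = {
  legacyV2: { manifest_version: 2, web_accessible_resources: ['img/logo.png'] },
  broadV3: { manifest_version: 3, web_accessible_resources: [
    { resources: ['inject.js'], matches: ['<all_urls>'] }] },
  scopedV3: { manifest_version: 3, web_accessible_resources: [
    { resources: ['panel.html'], matches: ['https://*.example.org/*'] }] },
  dynamicV3: { manifest_version: 3, web_accessible_resources: [
    { resources: ['ui.css'], matches: ['<all_urls>'], use_dynamic_url: true }] },
  noneV3: { manifest_version: 3 },
};

// Audit every sample manifest against one page origin.
function auditAll(origin) {
  return Object.fromEntries(Object.entries(samples)
    .map(([name, m]) => [name, probeableResources(m, origin)]));
}

console.log(auditAll('https://www.linkedin.com'));
```

An empty list means the extension cannot be detected through this particular check from that origin; it says nothing about other detection methods.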
"We use this data to determine which extensions violate our terms, to inform and improve our technical defenses, and to understand why a member account might be fetching an inordinate amount of other members' data, which, at scale, impacts site stability. We do not use this data to infer sensitive information about members," wrote a LinkedIn representative in a comment.
LinkedIn stated that after the account restriction was imposed, the website owner pursued legal action in Germany, seeking an injunction on the grounds that LinkedIn had violated multiple laws. As noted in the comment, the court ultimately rejected these claims, concluding they lacked merit, and found that the individual’s data practices were not compliant with legal standards.
"Unfortunately, this is a case of an individual who lost in the court of law, but is seeking to re-litigate in the court of public opinion without regard for accuracy," the comment read.