LinkedIn’s security made headlines last week when cybersecurity researchers at FireEye warned of a malicious phishing campaign attributed to the Iranian-linked APT34.
This campaign targeted LinkedIn users with bogus invitations to join a professional network and malware-laced attachments.
Dutch recruiter Michel Rijnders just discovered a security loophole that allowed users to post job openings on a company’s official LinkedIn page, even with no link to or association with the company, and certainly without its permission.
The posting then also showed up on the company’s jobs page alongside the posts made by the company itself. Rijnders exposed this particular flaw by publicly posting vacancies for CEO spots at LinkedIn and Google.
Rijnders found a serious flaw in the LinkedIn feature that allows users to post a job opening on a LinkedIn business page. The fake listings look almost as legitimate as the official job openings listed on the page.
Rijnders exposed the issue publicly by posting vacancies for the CEO spots at both LinkedIn and Google.
While this loophole has just been closed, the news should be taken as another warning that social media carries the same risks as the wider internet and that users should always proceed with caution.
LinkedIn usually charges for posting a job opening, but Rijnders said that he is a premium subscriber and had posted the fake job openings for free. Rijnders was also able to take LinkedIn users offsite by linking the “Apply” button on the job listing to his own business website.
These loopholes are very dangerous because they allow scammers to post fake, official-looking listings, and people provide a lot of personal information when applying for a job. However, LinkedIn is aware of the security issue and has taken care of it.
Other LinkedIn users also replied to Rijnders’ LinkedIn post saying that they’ve brought up this problem to the company before.
“LinkedIn is a place for real people to have real conversations about their careers. It’s just not a place for fake jobs,” Rockwell continued. “Posting the jobs without the explicit permission or knowledge of another party is against our Terms of Service. We are always committed to stopping fraudulent jobs from ever reaching our members through automated technology and the help of our members reporting any suspicious job postings.”
While Rijnders confirmed that his fake LinkedIn and Google listings were removed by the company, he was still able to exploit the flaw to create a Mashable listing after more than 24 hours.
Millions of LinkedIn users were surprised when the high-profile job of Google CEO Sundar Pichai appeared on the Microsoft-owned professional networking platform, and some people even applied for what would be a dream job. LinkedIn later acknowledged that it was a security bug that let users post an official-looking job opening on nearly any firm’s LinkedIn business page. The company has since fixed the issue; however, it is unclear whether the job posting process has changed in any significant way.
These unofficial listings showed up on a company’s “Jobs” page and looked like any other job opening posted legitimately by the organization, Mashable reported on Sunday.
The job posting for the Google CEO, which was put up by Michel Rijnders, evoked mixed responses from LinkedIn users.