LinkedIn security loophole tricked users with fake job listing

Jul 29, 2019, 8:33 am

Moupiya D.

SEE ALL

Dutch recruiter Michel Rijnders came out with a LinkedIn loophole that allowed posting job openings on the official page of LinkedIn without permission whatsoever. The posting is then showed up in the company’s job page along with the other posts that are given the company itself. Rijnders exposed the flaw by publicly posting vacancies for CEO spots at LinkedIn and Google.

Everyone that pays a small amount of money can post a job on LinkedIn. It’s easy. You fill in a few details, like the employer. And that’s where the problem is. Everyone can post jobs that are assigned to any employer of their choosing. For example, I can post a job at LinkedIn – you recommend to receive applications via LinkedIn, but I can also set up an external URL to which applicants for your job are redirected – Michel Rijnders, Dutch recruiter

Rijnders discovered a serious flaw within the LinkedIn feature that is allowing users to post a job opening on the LinkedIn business page. These fake listings look legitimate like official job listings just like any other job openings listed on the page.

Usually, when posting for a job opening, LinkedIn does take charges for it, but Rijnders said that he is a premium subscriber and had posted fake job openings for free. Rijnders has even been able to take LinkedIn users offsite by linking his own business website to the “Apply” button on the job listing.

These loopholes are dangerous as these allow scammers to post fake official-looking listings where people provide a lot of personal information when applying for a job. However, LinkedIn is aware of the Security issue and has taken care of it.

Thank you, Michel Rijnders, for bringing this to our attention, we’ve removed the posting, and we’re resolving the issue that allowed this post to go live – Paul Rockwell, Head of trust and safety, LinkedIn

Rijnders exclaims that albeit the issue being taken care of, it does not instill enough confidence for its users.

TechGenyz Reporter
Icon