LinkedIn loophole helped recruiter create fake job posting for Google CEO
Netherlands recruiter Michel Rijnders, who discovered the loophole, said he was able to create fake job posts for Google and LinkedIn CEOs at no cost.Updated: Jul 29, 2019 18:16 IST
Is Google looking for a replacement for CEO Sundar Pichai? Not really. Turns out a loophole in LinkedIn allowed anyone to post fake job openings on the company pages. These fake job openings not only appeared on company’s LinkedIn pages but also showed up in Google’s listing for job searches.
Netherlands-based recruiter Michel Rijnders, who discovered the loophole, claimed that the bug allowed him to create job openings for Google and Linkedin CEOs. He also pointed out that he was able to create these job postings at no cost.
“When I create a job post for a company, no questions are asked. You recommend to receive applications via LinkedIn, but I can also set up an external url to which applicants for your job are redirected,” he wrote in a post.
Rijnders pointed out that the loophole could allow anyone to abuse the platform and fetch sensitive details of users. He also recommended that LinkedIn should make it impossible for users to post jobs for other companies or have a disclaimer that the job posting has not been authorised by the company.
Google is looking for a Chief Executive Officer pic.twitter.com/SvqRBNU3Th— Michel Rijnders (@rijnders) July 25, 2019
“When you are evil you can promote your business via LinkedIn company pages of competitors. Or you abuse this system to catch personal details of applicants that think they are applying at LinkedIn, or the NSA. Phishing and identity fraud are no unlikely scenarios. But the real bad guys probably can think of better frauds than I can,” he added.
LinkedIn is looking for a Chief Executive Officer. pic.twitter.com/mLlTQnKWi7— Michel Rijnders (@rijnders) July 25, 2019
Responding to Rijnders’ findings, LinkedIn said the loophole was a bug that was accidently made live and that it has already been patched.
“This issue was caused by a bug in our online jobs experience that allowed members to edit the company after a job had already been posted. The issue has now been resolved. Fraudulent job postings are a clear violation of our terms of service. When they are brought to our attention, we quickly move to take them down. While we do allow companies to post on behalf of other companies (such as in the case of recruiting firms), this is only permitted with the knowledge of both parties,” LinkedIn is quoted as saying.
“Regarding free job postings, we have not historically had free job postings as part of the LinkedIn experience. However, we’re running a test that allows small and midsized businesses to post a limited number of jobs for free. This member was a part of that test,” it added.
First Published: Jul 29, 2019 13:20 IST