LinkendIn’s auto-fill plugin reportedly leaked user data

By: Costea Lestoc
2 minute read
linkedin security issues

Microsoft purchased LinkedIn back in 2016 and until now there haven’t been any problems with the service. You might have found the LinkedIn AutoFill plugin useful, but it seems that there’s more to it than meets the eye. The plugin is vulnerable to leaking member data such as name, email address, location, phone number and users’ workplaces if the sire that is using this feature is susceptible to cross-site scripting exploits.

LinkedIn limits this feature to some websites

The feature is only limited to a small number of approved websites. ZDNet reported that at least one of these websites was found vulnerable to the exploit and it allows security research Jack Cable to exfiltrate LinkedIn user profile data just when a user clicked on the webpage of the site.

Cable stated that user data could be exposed to any website just if you click somewhere on that page and this is triggered by the fact that the AutoFill button can be invisible, spanning the whole page.

User data can be exposed regardless of privacy settings

Unfortunately, it doesn’t even matter how your privacy settings are configured because your information could still be exposed.

For instance, if I set my privacy settings to not display my last name or email address and display a general location, this still returns my full name, email address, and zip code.

Cable revealed the sad news of the exploit’s existence after LinkedIn failed to fix the flaw and shut down communication with Cable.


In case you want to be secure while surfing the internet, you will need to get a full-dedicated tool to secure your network.  Install now Cyberghost VPN and secure yourself. It protects your PC from attacks while browsing, masks your IP address and blocks all unwanted access.


Eventually, LinkedIn managed to fix the exploit

LinkedIn found and fixed the problem and also addressed it. Here’s what they said:

We immediately prevented unauthorized use of this feature, once we were made aware of the issue. While we’ve seen no signs of abuse, we’re constantly working to ensure our members’ data stays protected. We appreciate the researcher responsibly reporting this, and our security team will continue to stay in touch with them.

For more information on how to keep your personal data private while online, check out the guides listed below:

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on TrustPilot.com.
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patended Technologies (requires upgrade).

Next up

Best Windows 10 antivirus software to use in 2018

By: Radu Tyrsina
7 minute read

Update – 2018 will soon come to an end and we already have a guide on what is the best antivirus you should get in […]

Continue Reading

These features are out for good with Windows 10 version 1809

iamsovy@gmail.com' By: Sovan Mandal
2 minute read

Microsoft is all set to launch its next big update, Windows 10 version 1809 in October. While that should be a nice piece of news […]

Continue Reading

Windows 10 18H2 builds no longer receive new features

By: Matthew Adams
3 minute read

The Windows 10 October 2018 Update (otherwise 18H2) rollout might now be two to three weeks away. For the last few months, new build previews […]

Continue Reading

Discussions