In what was supposed to be a nifty new mobile app, LinkedIn's Intro is now being put under the microscope over security concerns.
Intro is a new service integrated into the iPhone Mail app that allows users to see LinkedIn profile information when receiving emails. So instead of seeing a bland email signature from Jane Doe, users are able to view Jane's profile picture, job title, education history and mutual contacts, among other information.
Sounds pretty cool, especially coming from LinkedIn, a company that hasn't exactly been innovative on the mobile front. But security researchers think otherwise.
In order for Intro to work, LinkedIn needs to decrypt emails, insert profile information and then re-encrypt it. This process could possibly compromise secure information and allow hackers access to private data.
“I don’t think people who use this are seriously thinking about the implications of LinkedIn seeing and changing their email,” Richard Bejtlichs, the chief research officer at computer security company Mandiant, told The New York Times. He continued, "I worry LinkedIn is not going to treat this as the holy grail for people’s email, even though it is. The risk is that you essentially trust a box, run by LinkedIn, with your email. It’s a target for someone that wants to get to your email."
This same tactic was used by Iranian hackers to break into Gmail in 2011 and Edward Snowden claimed the National Security Agency used the same technique to gain access Google traffic data, the Times reported.
In a blog post, LinkedIn rebuffed the claims that Intro could expose private information and ensured users their data was safe. Let's hope so, as LinkedIn doesn't exactly have a stellar record for securing user's information. The company made headlines in 2012 when 6.4 million accounts were hacked.
Let us know in the comments below.