Same this happens with the professional's social network 'LinkedIn'. LinkedIn allows you to connected with person to you know by professional or personal. It also have the another good feature by which you can ask to be introduced to someone you’d like to meet by sending a request through someone who bridges your separate social networks. Celebrities, executives or any other LinkedIn users who wish to avoid unsolicited contact requests may do so by selecting an option that forces the
requesting party to supply the personal email address of the intended recipient.
But bad for LinkedIn that its inbuit feature creates a problem for its users. LinkedIn finding friends features leaks the user personal email address. According to the researcher from Wash. based security firm Rhino Security Labs, explained this issue and clarify how an attacker can target a users or celebrity email address. With the low-tech hack also users can targets celebrities, entrepreneur email address.
When you sign up for a new account, for example, the service asks if you’d like to check your contacts lists at other online services (such as Gmail, Yahoo, Hotmail, etc.). The service does this so that you can connect with any email contacts that are already on LinkedIn, and so that LinkedIn can send invitations to your contacts who aren't already users.
LinkedIn assumes that if an email address is in your contacts list, that you must already know this person. But what if your entire reason for signing up with LinkedIn is to discover the private email addresses of famous people? All you’d need to do is populate your email account’s contacts list with hundreds of permutations of famous peoples’ names — including combinations of last names, first names and initials — in front of @gmail.com, @yahoo.com, @hotmail.com, etc. With any luck and some imagination, you may well be on your way.
When you import your list of contacts from a third-party service or from a stand-alone file, LinkedIn will show you any profiles that match addresses in your contacts list. More significantly, LinkedIn helpfully tells you which email addresses in your contacts lists are not LinkedIn users.
For the same researcher Mark Cuban had used to sign up for LinkedIn. Seely said they found success in locating the email addresses of other celebrities using the same method about nine times out ten. Cuban says -
“We created several hundred possible addresses for Cuban in a few seconds, using a Microsoft Excel macro,” Seely said. “It’s just a brute-force guessing game, but 90 percent of people are going to use an email address that includes components of their real name.”
This something like social engineering or luck by chance. We like to here from our readers that, What they think about this features of social media platform? Any suggestion or recommendation to prevent this from users end? Share your views on the comment box.
Source: Krebson security