LinkedIn makes it too easy to leak contacts’ email addresses

LinkedInEarlier this week my colleague Pablo Teijeira, who is based in our Madrid office, unintentionally shared the email addresses of some of his associates in the computer security field.

We all know how easy it can be to accidentally cc: a whole bunch of people rather than bcc: them, but in this case LinkedIn was at least partly to blame.

No great harm was done on this occasion, but Pablo was still upset that the incident had occurred.

So, why did it happen?

Sign up to our free newsletter.
Security news, advice, and tips.

It turns out it’s because of a setting that LinkedIn uses when you share information with others on the business network, that you have to consciously opt-out from.

LinkedIn dialog box

See there at the bottom?

[X] Allow recipients to see each other's names and email addresses

It’s easy to overlook, as Pablo did, and when he tried to do a colleague a favour by suggesting them as a contact to a wide array of associates he mistakenly also revealed all of their email addresses to each other.

I know I would have been miffed if someone had revealed the email address I use on LinkedIn to such an audience.

That’s because, the email address which I use on LinkedIn is not one that I use for any other purpose. I intentionally gave LinkedIn a unique email address, because I was interested to see if that email address would ever be shared with any other service without my permission – so allowing other LinkedIn users to reveal it to strangers is not something I look kindly upon.

I can understand that LinkedIn wants as many of its members to discover each other as possible, but having an option like this doesn’t help you keep your email address private. I would like LinkedIn to change its default, so this option isn’t enabled as standard.

In fact, I would like it if I could be the one who chose if someone else can reveal my LinkedIn email address, rather than leave it to the person forwarding the message. Shouldn’t there be a privacy setting to always keep information like this secret?

PS. If you’re a Spanish reader you might want to read Pablo’s Teijeira’s blog or follow him on Twitter for your Spanish-language security fix.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.