by bowlofpetunias 4656 days ago
Here's what may have happened: when you go to LinkedIn, you regularly get shown a box (inline) inviting you to do something, like endorse people's skills.

One of those boxes invites you to "grow your network". It's not all that explicit as a call-to-action, as in the text may just be a slogan. The main focal point of that box is a login & password form, which looks exactly like the regular login form that users get when they want to do something that requires explicit re-authentication.

In other words: it's common to have to enter your login/password on LinkedIn, this looks a bit like one of those cases, so users will blindly start typing. If they use the same email/password combo for their email account as for their LinkedIn account, then they've just given LinkedIn access to that email-account.

The box itself is quite deliberately misleading. Unlike the regular invitations to load your address book, there are no Google or Yahoo logos, and no explicit descriptions.

I don't know whether there is a more explicit request for permission at the next step before it starts sucking in contacts; I don't dare enter a valid password.

If there is a next step that requires explicit confirmation, then this "trap" (which it quite obviously is) is merely annoying and a bit scummy.

If there isn't, I think they have a good case, because this would basically be phishing in reverse.

3 comments

I think it's more likely that LinkedIn mobile app grabs your phone contacts, if you happen to give it permissions to do so.

I've noticed that the "People you may know" section started to contain faceless placeholder entries with emails from my address book (though, I'm not sure if/when I've given the iOS app the address book access).

I noticed that recently as well. Some of them actually say "X shared contacts" below them as well. I know for a fact some of these people are not on LinkedIn, so it's essentially building up shadow profiles and trying to get users to "invite" them to the website for them.

This is exactly what happened to me.

I thought it more of bad UI and lack of attention on my part. Everyone in my address book got an Invite.

LinkedIn need to address this, but I think this lawsuit overstates the issue (still need to examine it in full, but that's my first impression).

I fell into this trap. Once, when accessing my account, I thought I had forgotten the password, but in truth they were asking for the password to my email and I inadvertently put it in. It is very common to reuse passwords; I bet they test for reuse and "invade" the e-mail account without permission.