LinkedIn's Covert Browser Scanning Exposed in BrowserGate Report

Severity: High (Score: 65.0)

Sources: Bleepingcomputer, News.Ycombinator, Cybersecuritynews, Gbhackers

Summary

A report by Fairlinked e.V. reveals that LinkedIn is secretly scanning the computers of its one billion users for installed software and browser extensions without consent. This covert operation, dubbed 'BrowserGate', utilizes hidden JavaScript to collect data on over 6,000 extensions, including those related to competitors and sensitive personal information. The scanning method links results to identifiable user profiles, allowing LinkedIn to map which companies use competing products. The report suggests that this data is used to identify and threaten users of third-party tools. LinkedIn's practices have raised significant concerns regarding privacy violations and corporate espionage. The company has not denied the scanning but claims it is for user protection. Investigations are ongoing, and legal actions may follow as the implications of this surveillance unfold. Key Points: • LinkedIn scans users' computers for over 6,000 browser extensions without consent. • Data collected includes sensitive personal information and competitor tool usage. • Legal actions may be initiated against LinkedIn for privacy violations.

Key Entities

• Data Breach (attack_type)
• Malware (attack_type)
• BrowserGate (campaign)
• Germany (country)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• Chrome (tool)
• Chromium (platform)