Hacker News new | past | comments | ask | show | jobs | submit login

Yup, that's exactly what it's doing. It's grabbing mailto's, email addresses, twitter handles, etc off pages you see -- from you & your connections -- and sending them back to its server.

https://gist.github.com/anonymous/b15b1e3f6cfb8497e8f0#file-...

By using this extension you are compromising your friends' privacy!




This brings up an interesting point of social engineering compromising LinkedIn.

LinkedIn should immediately put a Captcha on their contact info display to stop this JS attack!


fuuu....

I tried it and it didn't work. I just uninstalled it.

THANKS YAHOO!


Yes it does work. Click Hack In and then Inspect Element of the Hack In DIV's. You can see the e-mail address easily.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: