We often think that the bigger, most widely used platforms are foolproof with no errors or bugs of any kind. We now know differently. Last Thursday, an interesting job posting appeared. So interesting people thought that it wasn’t real; while they were correct, it looked and seemed like the real deal.
Sundar Pichai, the current CEO of Google, also noticed a job opening that felt strange to him. This is because the job opening belonged to him. He had no plans of leaving and there were no signs of termination, so this perplexed him greatly. It turns out Michael Rijnders, the founder of a Dutch recruiting company called Flexwerven created the post. He wanted to illustrate a LinkedIn bug that allowed users to create job posts without companies’ permission.
Rijnders wanted to prove a point, and people took notice. The bug allowed users to edit a job posting after a job has been posted by the company to resemble an official-looking job opening. Of course, only those with exceptional hacking, bug-finding capabilities can pull off such a top-notch accomplishment; but that isn’t to say that it’s impossible. Rijnders showed us that it could be done, and it could be done at no cost, at that.
Why this is an issue
Rijnders wrote “everyone can post jobs that are assigned to any employer of their choosing.” On top of the fake post appearing on LinkedIn, it showed up in a post on Google Jobs, which even took Rijnders by surprise. People were so confused due to the overall success of Google lately.
The job applications could be received on LinkedIn or they could set up an external URL for applicants to be redirected to from the post. “Phishing and identity fraud” were two potential issues stemming from fraudulent job posts, according to Rijnders. He also said that the job search engine called Jooble posts jobs without permission from companies, which is obviously frowned upon.
According to Paul Rockwell, LinkedIn’s head of Trust and Security: “The issue was caused by a bug in our online jobs experience that allowed members to edit the company after a job had already been posted. The issue has now been resolved.” Rockwell also explained that a recruiting firm is permitted to post a job on LinkedIn on behalf of a company, with that company’s permission. LinkedIn ran a test allowing small and medium businesses to post some jobs for free, and Rijnders was part of that test. Still, big job titles like that should remain, you know, not tampered.
All in all, LinkedIn plans to make changes to avoid anything like this in the future.
What are your thoughts on what Michael Rijnders did? Let us know!