LinkedIn Says Glitch, Not FSB, to Blame for Russian Job Postings

LinkedIn on Wednesday blamed an issue with its job ingestion tool, not Russian hackers or an online scam, for the business social network erroneously posting jobs located in Russia for a number of U.S.-based companies.

The custom software tool that pulls in jobs from third-party websites onto LinkedIn’s site failed to flag job postings with incorrect locations from some of those sites, Sophie Sieck, a corporate communications manager for Microsoft/LinkedIn, told Security Ledger Wednesday.

It’s this problem that caused a “small number” of job postings for companies as varied as the US Army, the State of Florida, Dollar Tree, The University of Idaho and defense contractor General Dynamics to have incorrect location assignments in Russian cities such as St. Petersburg and Moscow, instead of their actual locations in Florida and Idaho, when they were uploaded to LinkedIn, she said.

“When we pulled them in, it looked like they already were in St. Petersburg, Russia, because the third party site had it in there,” Sieck explained. “When it came into our system, our system got confused. It would take the location from where the job was posted and assign it back and assign it into our mapping system.”

As a result, job postings that were already erroneously tagged in the third-party listing would also appear that way on LinkedIn, she acknowledged.

LinkedIn is currently working to take down all of the postings with incorrect locations and has deployed a fix for the bug, which Sieck said affected less than 1 percent (which would be about 200,000) of the roughly 20 million job listings on the site.

“It didn’t impact paid jobs, or those custom uploaded–only jobs that we pulled in from third parties,” she said.

Sieck’s comments are in response to a report Security Ledger published last Friday noting that bogus LinkedIn job postings for leading U.S. organizations were popping up for Russian locales like St. Petersburg and Moscow, though those companies or organizations have no offices in Russia. Security services firm Evolver pointed out the situation to us earlier that week.

Chip Block, Evolver’s vice president, said his team noticed the issue on the evening of Thursday, Jan. 3, when researchers observed a problem among some of its clients–who have no offices in Russia–listing Russian locations for jobs based in the United States.

Evolver worked on behalf of those clients with LinkedIn to have the phony ads removed, Block told us. Evolver wrote about the situation in a blog post. Block also said at the time that he believed the problem had been going on for at least a couple of months.

Bad actor or bad software?

Initially, Block and his colleagues believed the problem was due to some kind of hacker activity or online scam, not a software bug. “We are pretty sure this is a man-in-the-middle data-capture scheme,” he told Security Ledger after a few days of observing the issue.

Evolver’s assessment was due to the fact that if someone clicked on the link to apply to an incorrectly located job posting, then text and even ads in Russia would appear. Once on one of those screens, a user–if he or she clicked on a link–would be asked to enter his or her e-mail before being redirected to the job site.

“This is not being done by LinkedIn, but someone external,” Block told us last week. “Someone is using this to capture emails and create potential targets.”

After further examination of the problem, Sieck said this is not the case. “We haven’t detected anything crazy going on,” she said.

While LinkedIn’s job-ingestion tool “was doing what it was supposed to do” by pulling in the job listings as they were posted, it wasn’t doing “everything it was supposed to do,” which included realizing the locations on the third-party sites were wrong, Sieck said.

“Our system should be able to catch if a company is not located in St. Petersburg, Russia,” she told us. “We have tons of guardrails in place to flag fraudulent job listings [or other inaccuracies]. This just wasn’t getting caught for whatever reason.”

LinkedIn continues to be in touch with Evolver to ensure the company hasn’t missed anything and completely solves the issue, Sieck added, something Block also confirmed to Security Ledger Wednesday.

In the meantime, the company encouraged its members to report any messages or postings they believe are scams so it can deal with them in a timely way, including any job posting that asks for personal or financial information or asks them to perform any monetary transaction.