Netherlands-based recruiter Michel Rijnders discovered the problem and posted his findings on the Microsoft-owned professional social network. The potentially serious flaw made it possible for users to post an unofficial job posting on nearly any company’s LinkedIn business page. These listings don’t just show up on the company’s “Jobs” page, but also on Google, which scrapes job listing information from different recruitment websites.
— Michel Rijnders (@rijnders) July 25, 2019 Usually, creating job postings requires a premium subscription, but Rijnders said he went on to create job postings for a Chief Executive Officer for Google and LinkedIn at no cost. “When I create a job post for a company, no questions are asked. You recommend to receive applications via LinkedIn, but I can also set up an external url to which applicants for your job are redirected,” Rijnders wrote.
— Michel Rijnders (@rijnders) July 25, 2019 Posting fraudulent jobs without a company’s knowledge is a violation of its terms and service. In addition to fooling a candidate into applying for positions that are non-existent, it can be abused by bad actors to redirect job seekers to an external website that can collect their sensitive information. After Rijnders made the post, LinkedIn’s head of trust and safety, Paul Rockwell, said in a comment that the company has removed the posting and that they’re working to resolve the issue that published his job listings. In a statement to Adweek, LinkedIn later said it has patched what appears to be a bug that accidentally went live as part of a test that made it possible for small business to post some jobs for free: Regarding free job postings, we have not historically had free job postings as part of the LinkedIn experience. However, we’re running a test that allows small and midsized businesses to post a limited number of jobs for free. This member was a part of that test.
