Professional social network LinkedIn was discovered to use hidden code to test thousands of extensions and collect visitors’ hardware parameters.
According to the BrowserGate report of the Fairlinked organization and is a security site BleepingComputer confirm, LinkedIn embeds a java script into each page load. The code is capable of scanning the user’s browser to search for 6,236 extensions on Chrome if they are installed, while also collecting detailed device measurement data.
The hidden scripts work by attempting to access file resources associated with a specific extension’s ID, a technique that has been documented to search for the extension’s presence on Chromium-based browsers. The list of monitored utilities has grown from about 2,000 in 2025 to more than 6,000 today.
Besides utilities, LinkedIn also collects user device hardware parameters including: number of CPU cores, available memory capacity, screen resolution, time zone, language settings and battery status. This data is typically used to create anonymous device profiles, but because LinkedIn accounts are tied to real names, occupations and companies, they can be used to accurately identify individuals.
The report from Fairlinked said that many of the targeted utilities were sales support tools or data mining from direct competitors to LinkedIn such as Apollo, Lusha or ZoomInfo. In total, there are more than 200 competitor products on the monitoring list of this professional social network. In addition, language, grammar tools or specialized software for the tax industry are also scanned even though they have no clear connection to the platform.
The collected data is said to be sent to HUMAN Security, an American and Israeli cybersecurity company, but the information has not been confirmed by third parties.
A LinkedIn spokesperson confirmed that data scanning is only for the purpose of detecting extensions that violate terms of service or perform illegal data “scraping”. “To protect members’ privacy and ensure site stability, we seek extensions that collect data without users’ consent,” the person said.
LinkedIn logo on smartphone and this platform website behind. Photo: Socialflyny
The Microsoft-owned social network also said that the Fairlinked report was published by an individual whose account had been locked for violating platform terms. Previously, a German court also rejected this individual’s lawsuit, supporting LinkedIn’s right to block accounts participating in automatic data collection.
LinkedIn is not the only major platform that uses the above data collection code insertion technique. In 2021, eBay also used this method to scan ports on visitors’ devices to search for remote control software. Similar code snippets were later found on the websites of many large banks and financial institutions.
https://hedgedoc.catgirl.cloud/s/vVPm_azByM
https://docs.localcharts.org/s/XEK73SHvV
https://www.mixcloud.com/thepointjetski/
https://doc.itkonzept.at/s/FS28MiJy3
https://hedgedoc.nixc.us/s/aAUqviNnL
https://rant.li/d871zp2nnm
https://pad.n39.eu/s/T4XotpxIKs
https://prestaliateens.com/profile/alquiler-motos-de-agua-en-marbella/
https://md.freiheitswolke.org/s/YshyDRBma8
https://pad.janniklorenz.de/s/Nx_lkK4dl
https://hackmd.diverse-team.fr/s/S1Q2hVk2-e
https://pad.n39.eu/s/R4siHH_wtY
https://docs.localcharts.org/s/MJAXUOMIL
https://doc.interscalar.eu/s/BvehHWoyI
https://secoir.org/profile/the-point-jet-ski/
https://pad.lamyne.org/s/27L06hjLY
https://doc.vorbild.top/s/08ybndA41Z
https://doc.buzzrage.net/s/Ruj3lLXgc
https://coub.com/thepointjetski
https://doc.asknet.community/s/xZ9LKLUeR
https://docs.snowdrift.coop/s/vKThm9ZCN
https://pad.nik.mx/s/UakACa4tYA
https://docs.erraticbits.ca/s/SBBdWsQTY5
https://dados.ufrj.br/user/maria26
https://profile.hatena.ne.jp/thepointjetski/profile