• A fake LinkedIn job posting for the role of Google CEO, currently held by Sundar Pichai, appeared on LinkedIn last Thursday.
  • The post was created by a the founder of a Dutch recruiting company to illustrate a LinkedIn bug that allowed users to create job posts without companies’ permission.
  • “The issue was caused by a bug in our online job experience that allowed members to edit the company after a job had already been posted. The issue has now been resolved,” Paul Rockwell, LinkedIn’s head of trust and safety, wrote in a statement.
  • Visit Business Insider’s homepage for more stories.

A LinkedIn bug allowed users to publish non-existent job postings for companies without their permission last week – including a post for Sundar Pichai’s role as Google CEO.

Michel Rijners, founder of Dutch online recruiting company Flexwerven, alerted LinkedIn to the issue on Thursday with a post on the professional networking platform titled “LinkedIn jobs, we have a problem.”

Rijnders wrote that “everyone can post jobs that are assigned to any employer of their choosing.” To prove his finding, he created fake job posts for CEO positions at Google and Linkedin.

https://twitter.com/rijnders/status/1154357254889594881?ref_src=twsrc%5Etfw

Later on Thursday, Rijnders tweeted that his fake LinkedIn post for Google CEO had also appeared on Google Jobs.

https://twitter.com/rijnders/status/1154514267825008641?ref_src=twsrc%5Etfw

Rijners noted in his post that he was able to create these job listings for free, and they appeared to be officially posted by the companies on LinkedIn. He could receive the job applications on LinkedIn or set up an external URL for applicants to be redirected to from the post. Rijners foresaw "phishing and identity fraud" as potential issues stemming from fraudulent job posts.

Rijners identified the job search engine Jooble as already posting jobs without permission from companies.

"For a while I noticed scrapers, like Jooble, posting massive amounts of jobs at companies on LinkedIn without consent of those companies," Rijnders said in a statement to Mashable. "The bad thing is [the scrapers] collect the application details of applicants who think they actually apply at the company."

Paul Rockwell, LinkedIn's head of trust and safety, responded to Rijnders' post, saying the posting had been removed and LinkedIn was working to resolve the issue.

Rockwell also gave a statement to Mashable, saying "The issue was caused by a bug in our online jobs experience that allowed members to edit the company after a job had already been posted. The issue has now been resolved."

Rockwell explained that a recruiting firm is permitted to post a job on LinkedIn on behalf of a company, with that company's permission. LinkedIn was running a test allowing small and medium businesses to post some jobs for free, and Rijnders was part of that test, according to Rockwell.

"Fraudulent job postings are a clear violation of our Terms and Service. When they are brought to our attention, we quickly move to take them down," Rockwell wrote.

"When someone posts a job to our online job posting flow, and they are posting from an account that we know is not associated with the company or associated with an existing recruiter licence, then it's flagged for human review," a LinkedIn spokesperson told Business Insider on Monday. "That bug made it possible to circumvent that human review."