ZipRecruiter Data Misuse


UPDATE 31 October 2019 - LinkedIn Status has changed due to it being confirmed after publication of this post from a representative that they do not have a system to verify the legitimacy of a company, rather it is up to the job seeker to 'report' job postings.

At the time of publishing this, 30 October 2019, ZipRecruiter has emailed me on 25 October 2019 requesting the company name and is looking into the issue.

So, let's talk about ZipRecruiter. Last week, I discovered that my data submitted to a job application on their site was given to a third party company. I detailed the sequence of events as it happened via my twitter account in a thread.

So let's summarize the events from last week of data misuse:


October 15th was the first time I officially started using ZipRecruiter as a means to apply for jobs. I applied to 5 companies on their site that day. On the morning of October 16 I received an email from, let's call this company Company X, asking me to click a link to verify my email address and in the very same second thanking me for verifying and welcoming me to the platform. I never clicked the link to verify, and Company X was not one of the companies I applied to that day.


So I found the support email on Company X's website and sent an email requesting that the account I never created be deleted, and asking where my data was retrieved from and how my email and other details were inputted into their system.

Yes, I wanted my account I never created removed but I also wanted to know where they retrieved my data from - your digital footprint is something that should be in your control not in the hands of a company's algorithm to create a fraudulent account from data you never gave consent for them to take.

An hour or so later they replied to my email saying they would remove the account immediately and let me know how my data entered their database. I waited 7 days for Company X to tell me how they got my data, and when they didn't respond I sent a follow up email on October 23 asking how and where my data was retrieved from so that I could act accordingly.

They retrieved my data from a ZipRecruiter application.


It turns out when I applied for a job on ZipRecruiter, Company X has a feature on their site that once someone applies to a job that's also listed on their job board on ZipRecruiter then it creates an account on their website.

So: ZipRecruiter has a job that Company X also has on their job board -> job seeker applies via ZipRecruiter -> Company X creates an account on their website that is never mentioned on ZipRecruiter application.

The only thing listed on the ZipRecruiter application is Company Y, the company that is looking to fill the position not Company X that ALSO has the position listed on their site. So, job seekers may have accounts on company sites like X and not even realize that ZipRecruiter is not regulating enough and companies like Company X take their data to another database.

Company X is now decommissioning this feature after my back and forth email with them requesting how they got my data.


If I wasn't paying attention to my email on the morning of October 16th, I wouldn't have even noticed that an account was created for me without my consent - as I mentioned above Company X didn't even need me to verify my email by clicking, their algorithm verified my email and fraudulent account even though they sent me an email to verify and I never did.

I decided to take a look at ZipRecruiter's Terms and Conditions. I began to wonder what it said relating to third parties taking data submitted through ZipRecruiter. The terms and conditions confirmed the illegality of sharing data with a third party, yet here we are.

Is ZipRecruiter regulating companies that post a job posting? Company X had a feature on their website that when a job seeker applies on ZipRecruiter to Company Y, then the job seeker's data is sent to Company X database to create an account without the job seeker's consent.

How are they keeping track of companies with this feature? Is the only way for companies like Company X to get caught taking data without the job seeker's consent dependent on if the job seeker keeps a close eye on their email? Company X decommissioned the feature the second I requested to know where they retrieved my data from. As ZipRecruiter operates in Europe as well, GDPR, I began to wonder how safe was it to actually use this site as a means to find a job.

I was always told that ZipRecruiter was an external recruiter, so job seeker applies and someone else submits you to the position rather than a direct contact of job seeker applies -> applied to position.

What I found was actually worse.


It turns out ZipRecruiter does not verify or authenticate Users or guarantee that a job advertisement is suitable, legitimate or real. So, quite literally, anyone can say they're a company hiring for XYZ and you as a job seeker can be put in danger if you see an ~official~ looking email from a company that doesn't exist at all setting a time for an interview. Also some people do put their phone number and address on their resume which means they [the person posing as a company looking to hire] have a direct means to access you and know where you live.

So I went through a few job board sites terms and conditions so you don't have to.


Looking for a job means you're constantly on multiple different job boards trying to find opportunities. Most companies use more than one site or just use one particular site to promote their new opportunity. I know going through terms and conditions of a site is something we have to check off on when creating an account, but realistically speaking a lot of us just click check and never read the terms and conditions. So, I decided to go through the terms and conditions or reach out directly where necessary to job board sites and list my findings in alphabetical order to the answer of one question: Does the job board verify the legitimacy of a company and position posted?

❌ AngelList

This took longer to find than I thought it would. AngelList's terms of use has a main section and three sub-sections: Terms of Service, Talent General Terms, Source Terms, Jobs Terms. The section that we job seekers care about in terms of verifying the job offer is in Terms of Service and Talent General Terms.

Terms of Service: According to IV. Limit of the Company's Obligation section B. Verifying Due Diligence, AngelList does not verify materials or information provided by entrepreneurs.

Verifying Due Diligence. We are not responsible for doing diligence on the Entrepreneurs, Investors, Job Seekers or other users you meet through AngelList or verifying any representations, materials or other information provided by Entrepreneurs, Investors, Job Seekers or other users to you.

Talent General Terms: According to V. Release and Indemnity they do not verify the accuracy of any content.

Without limiting the foregoing, you acknowledge that Users are solely responsible for (i) verifying and ensuring the accuracy, completeness and legality of any Content; (ii) determining the suitability of any Candidate for any job or opportunity posted through the Services (including, by way of interviews, vetting, references, background checks and other similar actions);


❌ Dice

Dice is fairly new to me - I discovered them as I was looking for jobs on NY Times Jobs and one of the links led me here. Based on their terms and conditions, your use of the site is entirely at your own risk and they do not verify the accuracy of the job posting.

The Company does not evaluate or censor the resumes, job listings or other information posted to the Site. Moreover, the Company is not involved in the actual transaction, if any, between potential employers and candidates. Consequently, we have no control over the quality, safety or legality of the job listings or resumes posted to the Site, the truth or accuracy of such job listings or resumes, the ability of employers to hire candidates or the ability of candidates to fill job openings.

✅ Elpha

Elpha is a community where women in tech talk candidly online - think Reddit + LinkedIn but better. After reaching out to Elpha via email, the Co-founder and COO Kuan Luo confirmed that they verify the companies by doing their own research and by talking with the founders/team directly.

In terms of submitting an application, the open roles for the company they themselves verify are listed on Lever, GreenHouse or AngelList. Kuan also mentioned that they rely on member feedback to ensure that the Elpha community members have a positive experience connecting with and interviewing at their partner companies.

❌ Glassdoor

According to section D. Applying on Glassdoor, they do not guarantee the identity of an employer and caution job seekers when applying to jobs. You as the job seeker are responsible for verifying the job posting. A snippet of their terms of use is below:

Glassdoor does not guarantee the identity of an employer or any individuals working for any employers, and cautions job seekers when applying to jobs. Glassdoor does not guarantee the validity of a job offer and cautions job seekers to verify the validity of a job offer before taking an adverse action regarding their current employment situations. You are solely responsible for verifying the accuracy of any employer or job offer.


❌ Indeed

According to Indeed General Terms of Service, 1A, they do not guarantee the identity of an employer and caution job seekers when applying to jobs. You as the job seeker are responsible for verifying the job posting. Unless it says 'apply on company site', I would advise not to apply on Indeed.

Indeed does not guarantee the identity of an Employer or any individuals working for any Employers, and cautions Job Seekers when applying to jobs. Indeed does not guarantee the validity of a job offer and cautions Job Seekers to verify the validity of a job offer before taking an adverse action regarding their current employment situations. Job Seekers are solely responsible for verifying the accuracy of any Employer or job offer.


⚠️ LinkedIn

LinkedIn is universally known as the best way to look/search for jobs, here is what I was able to determine from their terms and conditions: They specify that companies are not allowed to intentionally misrepresent a job, hiring company or poster. Companies also do have to pay to post their job posting, and LinkedIn must accept the job posting.

Also included in 2. Job Services:

Without limiting the prohibitions in the User Agreement or any other applicable agreement, you agree that you will not, and you will not enable or authorize any third party, by virtue of the Postings, Destinations, or use of the Jobs Services, to:
  • Create Postings without a reasonable and legitimate intent to hire for a bona fide job opportunity or the specific position listed.

In order for someone to make a LinkedIn Business/Company page they also have criteria to meet as a means of verifying the legitimacy of a company including: your personal profile must be at least 7 days old, have multiple connections to demonstrate strong networking skills to show that the profile is not a fake, and an email address listed that is from your company (i.e. not a personal email such as gmail or hotmail).

I reached out via email to clarify their terms and conditions and according to a Member Support Consultant only authorized personnel can post jobs for specific companies. However, they do not have a specific system that verifies all of the job postings on LinkedIn but they do have a well equipped team to handle any report of certain job postings that could be false.

For this reason, after much consideration, I've decided to give them a hazard sign. They do have some sort of criteria, but at the end of the day they do not have a system that verifies all of the job postings on LinkedIn and it is up to the job seeker to report job postings that seem illegitimate. 

✅ TechLadies

TechLadies is a great community that connects you with the best jobs and opportunities in tech. After reaching out to TechLadies via email, the CEO and Founder Allison Esposito Medina confirmed that they vet each job posting to make sure the company is real to the best of their ability. They look at fundraising sites such as Crunchbase, search for founders online, and view sites, such as Glassdoor, for reviews of the application process etc. to piece together if the company is legitimate. Although Allison mentions that this isn't entirely foolproof, what sets them apart from others is that their site is paid and they charge hiring fees. So, the company aiming to be on their job board must be established enough to have a budget set aside.

By charging hiring fees and requiring payment to be given the privilege of being on their job board, this weeds out fake companies/start-ups with no actual end goal. The job posting is not posted on their job board unless the payment has gone through.

TechLadies is a closed community so in order for applicants to even view the job board, they have to apply to be accepted into the community. Allison confirmed that TechLadies does not share or sell anyone's data and the only time a company will receive an application from a TechLadies member is if the member applies to that job specifically.

⚠️ Way Up

This is a company that was not straightforward in their terms and conditions on whether or not they verify the accuracy and legitimacy of a job posting. They do not verify candidates (job seekers) who apply for jobs but they do not mention if this is the same attitude towards employers. However, they do mention that they may look into job postings at their own discretion but they are not obligated to.

The reason why they have a ⚠️ rather than a ❌ is because they do not explicitly say they do not verify the job posting; rather, they say they can look into the job posting if they feel like it.

At the start of their Terms and Agreements:

For avoidance of doubt, WayUp disclaims any responsibility for any employment or contracting opportunities, employment or contracting services, or any other services or products acquired or made available through our Services

In section 2. Verification:

By registering with our Services, you hereby authorize WayUp to verify any representations and warranties you make either pursuant to these Terms or within any materials submitted during the registration process, including conducting background checks, contacting any provided references, and reviewing public records. You acknowledge that while WayUp reserves the right to verify these representations and warranties, WayUp is not obligated to do so, and may choose not to do so, at WayUp’s sole discretion.

In section 3. Listing Employment or Contracting Opportunities:

For avoidance of doubt, each Job Posting must comply with all restrictions hereunder, including those governing the submission of User Content and general use of our Services. WayUp may, but is not obligated to, make an independent investigation of the Job Posting to ensure full compliance with these Terms. If WayUp determines, in its sole discretion, that any representation or warranty made by you pursuant to these Terms is in any way false, incomplete, or inaccurate, WayUp may, at any time, reject, remove, or suspend or delay the posting of your Job Posting, in whole or in part. WayUp may, but is not obligated to, provide you with an explanation for the rejection or removal of any of your Job Postings from our Services.



17 comments:

  1. This is a bit disturbing - thank you so much for revealing what you found!

    Replies
    1. It really is so disturbing how many job boards don't verify the legitimacy of companies, the more I researched the more shocked I was. What I really wonder is how many companies have this ~feature~ and how many people have accounts in their name that they've never personally created.

  2. I remember seeing you post about this on twitter I believe and I was so shocked at the blatant misuse of your data and probably countless other people! I'm so glad you went through the different popular job sites and their position on privacy and employee / employer information. I actually use a few of them and it's made me re-evaluate and I'm going to think harder in the future about the permissions I give on those sites. Thanks for sharing such a thought provoking post as always Sahara xx

    Replies
    1. Thanks for following along with me over on twitter with it! The second I noticed where my data came from, I knew I 100% had to warn others from a similar fate and if at all make sure people are aware where it was safe to apply for jobs. I'm so glad that you appreciate me going through the terms and conditions of different job board sites - it took a while but I know that it was worth going through it all to make sure that job seekers are aware where their data is safe. Although we check off on terms and conditions, we tend to never take a really deep dive into it to fully read them, so I wanted to do all that and make it accessible for everyone else to see my findings!

      Thank you so much for reading Rumaanah!

  3. Ohhh I've never actually heard of this! This has really opened my eyes. Thank you so much!

    Love, Amie ❤
    The Curvaceous Vegan

    Replies
    1. Thank you so much for reading Amie, glad I was able to bring this to your attention!

  4. Wow this is disturbing. I've applied using ZipRecruiter before and while I never got the job, I get tons of emails from them daily. I'm impatient with spam emails so I just deleted them. Clearly I should probably start looking at them more...helpful post. Thanks for sharing!

    Replies
    1. Yes yes yes, I can definitely relate to the influx of emails from different job board sites - nearly miss actual important ones! Although the one click apply on ZipRecruiter has been great to reach my quota of 25 per day, I don't plan to use them as I continue my job search after this.

      ZipRecruiter has a large overhaul to do in terms of identifying if the feature that the third party company used is present at large when someone clicks apply to a position on their platform because at the end of the day it should be up to them to find/discover and terminate that listing not necessarily reliant on us job seekers paying 110% attention to our email - glad to hear my post was helpful! Thank you so much for reading, Casey!

  5. I think the scariest thing about this is the job sites and companies that don't actually know if a job posting is real or legitimate? Imagine the danger they could potentially be putting their users in, had they applied for a job that wasn't genuine? The data part is something I really don't think much about - I know I should though. But this was all really eye-opening. I use Indeed a LOT and have in the past but I'll perhaps have a re-think now if my boyfriend or I ever need to look for a new job!

    Jenny
    http://www.jennyinneverland.com

    Replies
    1. RIGHT?! Like I personally have never thought that a job board wouldn't verify if a company/job posting was real or legitimate - I could swear that was the least they could do! And that's one thing I was thinking about the whole time as I finished up my research - people put their exact address and phone number on their resume so by the job board site not verifying they're putting their users in danger.

      I've used Indeed before as well and unless it's an "apply on company website" where I can see the actual company and see if the opportunity is legitimate, then nope!

  6. Omg I have been waiting for this post! I was keeping up with the tweets to the best of my ability and I really wanted to learn all about the situation. You are so amazing and should totally look into investigative journalism because this is so thorough and you contacted so many people for comments, I LOVE it! So sad and surprising that so many of the job recruiter sites aren't safe though. I expected more from LinkedIn in particular, but sad to hear that they're still iffy.

    Jas xx

    Replies
    1. I remember you saying you sensed a blog post in the works after my thread and TADA here it is! Ever since Sophie mentioned going into Investigative journalism I think I may do something of the sort as a side thing haha! Sending emails to company press/media emails was so stressful like I stared at all the emails for a good 30 minutes before sending them off! I wanted to be as thorough as possible and make sure I didn't miss anything :)

      The one I was most surprised in was LinkedIn! I would have thought they had some sort of system to verify the company and job posting - even their terms and conditions weren't clear at all, like they were trying to hide that fact? When I finally reached out for a comment from them, they took their sweet time responding before confirming that they don't have a system in place.

      It was an interesting ride researching and learning all about these job board sites terms and conditions, definitely being more careful on where I submit my data for a position and hope I was able to help others from a similar fate that I had with ZipRecruiter!

      Thanks so much for reading Jas!

  7. Have none of those people heard of GDPR? I have been contacted by people to whom I never gave my address so it had to come from somewhere. It is not tolerable that LinkedIn and most of those websites do not vet anything or anyone. Such a good post! I didn't know about tech ladies but will start to use them!

    Replies
    1. RIGHT!! That was one of the first things in my mind when this all occurred - GDPR. It was just absolutely mind-boggling that the third party company even had a feature to begin with. LinkedIn was one I was really surprised in as it's universally known as the best place to look for new jobs/opportunities.

      Glad to hear you enjoyed reading and found out about Tech Ladies - it's a great platform/community to be a part of!

  8. I had no idea companies did that and it's very disturbing! Have they not heard of GDPR? It's everywhere now so they must have known that what they were doing was wrong.

    Replies
    1. It really is! I really wonder what was even going through the third party company's mind when even creating that "feature" on their website. The first thing in my mind was GDPR and the fact that they immediately said they would be decommissioning the feature on their site the second I asked how they got my data; it's like they knew the feature was wrong/illegal even to do/have but thought they wouldn't get caught.

      Thank you so much for reading and for taking the time to make sure your comment came through Romina!💖

  9. I left a comment on your other post. But there is something else going on. The job aggregators themselves: Glassdoor, LinkedIn, Indeed, Monster, ZipRecruiter, how do they make money? Hmm. It is not just fake companies that are the problem. In fact it has been reported that venture investment firms are pouring billions into Neuvoo. Neuvoo is horrible. I actually contacted a company who had no idea that Neuvoo had scraped their company info and bypassed their site when you clicked "apply" via LinkedIn. A Neuvoo pop up would appear with the company's name on it asking for your name, email address and phone number. I never used to get robo calls, now I get them on the daily ever since I started job searching. There is a huge scam going on in the job search market which back in the day was not a "market". A company paid a fee to place an AD in a newspaper and that was it, the newspaper was no longer involved in the transaction. Now today not only do recruiting companies make money, so do job aggregators. And all of this "data" reported on the news about job creation is flawed from so many inactive jobs showing as "active" when they are not, which is throwing off the "new" jobs being created, so again I say #fakenews. The "robust" economy is not as good as they are saying it is.

    Allie of
    www.allienyc.com
