LinkedIn outage prompts security concerns

The website's domain name was temporarily redirected to a different server

LinkedIn's domain name was temporarily redirected to a third-party server Thursday, which resulted in a service outage and potentially put user accounts at risk of compromise.

Uptime monitoring service Pingdom recorded that LinkedIn was unavailable between 2:21 a.m. and 6:16 a.m. U.K. time. Some users trying to access the website saw a domain parking page offering the domain for sale, according to user reports on Hacker News.

During the outage, LinkedIn's customer service team said on Twitter that the problem was caused by a DNS (Domain Name System) issue, but did not specify why it occurred.

Bryan Berg, co-founder of the social feed service, described the issue as a DNS hijacking and said that LinkedIn's traffic was directed to the network of a company called Confluence Networks. Because LinkedIn does not use SSL by default, users who tried to access the site during the incident might have exposed their session cookies in plain text to another server, he said.

Session cookies are text files containing unique IDs that websites set in browsers in order to remember authenticated users. Attackers who steal a user's session cookie can put it into their own browser and access that user's account.

"Starting few hours ago, we received reports about some sites (including pointing to IPs [Internet Protocol addresses] allotted to our ranges," Confluence Networks said in a notice published on its website. "We are in touch with the affected parties & our customer to identify the root cause of this event."

Confluence Networks describes itself as a colocation and network services provider that has business relationships with data centers in various geographical regions.

In a later update, the company noted that it received verification that the issue was caused by human error and was not security related.

The company did not immediately respond to a request for comment seeking more information about the incident and the names of other websites that have been redirected to its network.

"For a short time early on Thursday morning, was not accessible to a majority of our members," LinkedIn spokesman Darain Faraz said via email. "We have been told by the company that manages our domain that this was due to an error made on their end. Our team was able to quickly address the issue, and the site is returning to normal."

From a technical standpoint, the incident could have security implications for LinkedIn users, according to Bogdan Botezatu, a senior e-threat analyst at security vendor Bitdefender.

"As the hijack took place at the DNS level, chances are that the cookies have been sent to the wrong website if the user has not enabled the SSL security feature via the LinkedIn Account Settings," he said via email.

Unlike other online service providers such as Google or Twitter, which use HTTPS (HTTP Secure) by default for all connections and therefore encrypt them with SSL, LinkedIn supports SSL only as an option.

Cookies have an attribute called "Secure" that can be used to instruct the browser to only transmit them over secure, HTTPS connections. However, if SSL is not used, cookies have the Secure value set to false and can be sent in plain text over HTTP, Botezatu said.

"Since LinkedIn cookies appear to have a lifespan of roughly three months and we don't know whether they have been collected by the rogue end-website, changing the account password would be the wisest choice now," he said.

Join the CSO newsletter!

Error: Please check your email address.

Tags online safetyGooglesecurityLinkedInAccess control and authenticationtwitterbitdefender

More about Google

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts