LinkedIn outage prompts security concerns
The website's domain name was temporarily redirected to a different server
IDG News Service - LinkedIn's domain name was temporarily redirected to a third-party server Thursday, which resulted in a service outage and potentially put user accounts at risk of compromise.
Uptime monitoring service Pingdom recorded that LinkedIn was unavailable between 2:21 a.m. and 6:16 a.m. U.K. time. Some users trying to access the website saw a domain parking page offering the domain for sale, according to user reports on Hacker News.
During the outage, LinkedIn's customer service team said on Twitter that the problem was caused by a DNS (Domain Name System) issue, but did not specify why it occurred.
Bryan Berg, co-founder of the App.net social feed service, described the issue as a DNS hijacking and said that LinkedIn's traffic was directed to the network of a company called Confluence Networks. Because LinkedIn does not use SSL by default, users who tried to access the site during the incident might have exposed their session cookies in plain text to another server, he said.
Session cookies are text files containing unique IDs that websites set in browsers in order to remember authenticated users. Attackers who steal a user's session cookie can put it into their own browser and access that user's account.
"Starting few hours ago, we received reports about some sites (including linkedin.com) pointing to IPs [Internet Protocol addresses] allotted to our ranges," Confluence Networks said in a notice published on its website. "We are in touch with the affected parties & our customer to identify the root cause of this event."
Confluence Networks describes itself as a colocation and network services provider that has business relationships with data centers in various geographical regions.
In a later update, the company noted that it received verification that the issue was caused by human error and was not security related.
The company did not immediately respond to a request for comment seeking more information about the incident and the names of other websites that have been redirected to its network.
"For a short time early on Thursday morning, linkedin.com was not accessible to a majority of our members," LinkedIn spokesman Darain Faraz said via email. "We have been told by the company that manages our domain that this was due to an error made on their end. Our team was able to quickly address the issue, and the site is returning to normal."
From a technical standpoint, the incident could have security implications for LinkedIn users, according to Bogdan Botezatu, a senior e-threat analyst at security vendor Bitdefender.
"As the hijack took place at the DNS level, chances are that the cookies have been sent to the wrong website if the user has not enabled the SSL security feature via the LinkedIn Account Settings," he said via email.
Unlike other online service providers such as Google or Twitter, which use HTTPS (HTTP Secure) by default for all connections and therefore encrypt them with SSL, LinkedIn supports SSL only as an option.
Cookies have an attribute called "Secure" that can be used to instruct the browser to only transmit them over secure, HTTPS connections. However, if SSL is not used, cookies have the Secure value set to false and can be sent in plain text over HTTP, Botezatu said.
"Since LinkedIn cookies appear to have a lifespan of roughly three months and we don't know whether they have been collected by the rogue end-website, changing the account password would be the wisest choice now," he said.
In an updated statement sent via email, LinkedIn said that the incident occurred Wednesday evening, that it wasn't caused by malicious activity, and that it doesn't believe any LinkedIn member data was compromised in any way.
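The two cookie properties discussed above, the Secure attribute and the cookie's lifespan, can be checked directly from a site's `Set-Cookie` response headers. The following is an added example, not code from LinkedIn or from the article; the cookie name, header values, reference date and one-day lifetime policy are constructed assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_LIFETIME = 24 * 3600  # assumed policy for this example: one day, in seconds

def cookie_lifetime(attrs, now):
    """Seconds the browser keeps the cookie; None for a browser-session cookie."""
    if "max-age" in attrs:  # Max-Age takes precedence over Expires
        return int(attrs["max-age"])
    if "expires" in attrs:
        expires = parsedate_to_datetime(attrs["expires"])
        return int((expires - now).total_seconds())
    return None

def audit_set_cookie(header_value, now, max_lifetime=MAX_LIFETIME):
    """Return (cookie name, list of issues) for one Set-Cookie header value."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    issues = []
    if "secure" not in attrs:
        # Without Secure the browser attaches the cookie to plain-HTTP requests,
        # so it goes to whichever server the hostname currently resolves to.
        issues.append("no Secure attribute: sent over plain HTTP")
    lifetime = cookie_lifetime(attrs, now)
    if lifetime is not None and lifetime > max_lifetime:
        issues.append(f"long-lived: usable for {lifetime // 86400} days if captured")
    return name, issues

# Constructed sample data (not captured from any real site).
NOW = datetime(2013, 6, 20, tzinfo=timezone.utc)
SAMPLE_HEADERS = [
    "session_id=3f9a1c; Path=/; Expires=Wed, 18 Sep 2013 00:00:00 GMT",
    "session_id=3f9a1c; Path=/; Max-Age=7776000",
    "session_id=3f9a1c; Path=/; Max-Age=3600; Secure",
]

def audit_all(headers=SAMPLE_HEADERS, now=NOW):
    return [audit_set_cookie(h, now) for h in headers]

if __name__ == "__main__":
    for name, issues in audit_all():
        print("WEAK" if issues else "OK  ", name, issues)
```
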