LinkedIn DNS Hijacked, Traffic Rerouted

The networking site was down Wednesday night when its domain name system was hacked. Now users are worried a third-party has access to their account info.

Bad news for LinkedIn and its users: The site's DNS was hacked last night. The attack was first noticed by Bryan Berg, the founder of app.net, who warned LinkedIn's 200 million-plus users that all their long-lived cookies were sent in plaintext to an SSL-free, India-based site. If that's true, the cookies could be used to compromise LinkedIn user accounts.

LinkedIn used Twitter to reassure its users that all was well in cyberresume-land, but as of 8am EST, it had not yet sent out an all-resolved message.

The site, confluence-networks.com has since posted a notice on its homepage saying the following:

"Confluence Networks is a Colocation & Network service provider having tie-ups with data centers across various geographical regions. We don't host any services ourselves. Starting a few hours ago, we received reports about some sites (including linkedin.com) pointing to IPs allotted to our ranges. We are in touch with the affected parties & our customer to identify the root cause of this event. Note that it has already been verified that this issue was caused due to a human error and there was NO security-related issue caused by the same. More details will be provided shortly."

In June of 2012, LinkedIn confirmed more than 6 million passwords had been leaked online.

Add New Comment

0 Comments