LinkedIn was inaccessible for users yesterday thanks to what the company has described as a DNS “error” by its domain registrar, allaying fears attackers were trying to steal users’ data and hijack accounts.
The professional networking firm said its site was recovering for some members seven hours ago, but the latest statement indicated problems continued throughout the morning. TechWeekEurope is currently able to access the site, and the firm has now said it is functioning again.
Late last night, it was claimed users who visited the site were redirected to a parking page for a site called confluence-networks.com, ostensibly for a company providing networking services.
The issue appears to have been caused by a bug, not an infection, sitting on the domain name server used by a large chunk of LinkedIn users. The same problem is believed to have hit local search site Yelp and others, according to CloudFlare CEO Matthew Prince.
DNS servers translate website names into IP addresses of requested sites, looking across a chain to get the correct ones.
If DNS poisoning had taken place, or the authoritative DNS server has been compromised, as some had suspected, it could have been bad news for users. Such attacks can be used to redirect victims to malicious websites that serve up malware, or session cookies could be pilfered to hijack accounts.
“LinkedIn just got DNS hijacked, and for the last hour or so, all of your traffic has been sent to a network hosted by this company [confluence-networks.com]. And they don’t require SSL, so if you tried to visit, your browser sent your long-lived session cookies in plaintext,” said Bryan Berg, co-founder of App,net.
It appears Berg and others were wrong, however, and there is no security scare in sight.
“Starting few hours ago, we received reports about some sites (including linkedin.com) pointing to IPs allotted to our ranges,” says a statement on the Confluence site. “We are in touch with the affected parties & our customer to identify the root cause of this event. “
What do you know about Internet security? Find out with our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…