LinkedIn social networking site hit by DNS hijacking


LinkedIn social networking site hit by DNS hijacking

Warwick Ashford

Professional networking site LinkedIn has been hit by a DNS hijacking attack, but the service appears to have been restored after two breaks, shown by monitoring service down right now.

LinkedIn acknowledged a “DNS issue” in a tweet around 3am BST, saying its engineers were working on it, but had not issued an update since.

DNS hijacking can be achieved in several ways, such as using malware to subvert the resolution of Domain Name System (DNS) queries to redirect traffic to a DNS server under the control of an attacker. co-founder Bryan Berg was first to blog about the security risk, noting that, for at least an hour, all LinkedIn traffic had been sent to a network hosted by

According to Berg, that site does not require SSL (secure sockets layer), which means that anyone who visited LinkedIn during the hijacking would have sent their long-lived session cookies in plain text.

Questions around security at LinkedIn were raised after a data breach in June 2012 when the professional social network confirmed that some of the stolen passwords posted online by a hacker corresponded to accounts on the professional networking site.

The confirmation came after reports that 6.5 million encrypted stolen passwords had been posted on a Russian web forum and that hackers were working to decrypt them.

The stolen passwords were encrypted using an outdated SHA-1 hash function created by the US National Security Agency.

After the breach, LinkedIn said it had improved password-strengthening measures and enhanced the security of its infrastructure and data.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy