Professional networking site LinkedIn has been hit by a DNS hijacking attack, but the service appears to have been restored after two breaks, shown by monitoring service down right now.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
LinkedIn acknowledged a “DNS issue” in a tweet around 3am BST, saying its engineers were working on it, but had not issued an update since.
DNS hijacking can be achieved in several ways, such as using malware to subvert the resolution of Domain Name System (DNS) queries to redirect traffic to a DNS server under the control of an attacker.
App.net co-founder Bryan Berg was first to blog about the security risk, noting that, for at least an hour, all LinkedIn traffic had been sent to a network hosted by confluence-networks.com.
According to Berg, that site does not require SSL (secure sockets layer), which means that anyone who visited LinkedIn during the hijacking would have sent their long-lived session cookies in plain text.
Questions around security at LinkedIn were raised after a data breach in June 2012 when the professional social network confirmed that some of the stolen passwords posted online by a hacker corresponded to accounts on the professional networking site.
Read more about LinkedIn security
- LinkedIn confirms "some" passwords stolen
- LinkedIn data breach costs more than $1m
- Security Zone: LinkedIn or left out?
- LinkedIn password leak: Lessons to be learned from LinkedIn breach
- Businesses told to take LinkedIn hack seriously
- Should you be worried by stolen LinkedIn passwords?
- Password database inventory required following LinkedIn breach
- All leaked LinkedIn passwords disabled, users notified
- LinkedIn investigating user account password breach
The confirmation came after reports that 6.5 million encrypted stolen passwords had been posted on a Russian web forum and that hackers were working to decrypt them.
The stolen passwords were encrypted using an outdated SHA-1 hash function created by the US National Security Agency.
After the breach, LinkedIn said it had improved password-strengthening measures and enhanced the security of its infrastructure and data.