LinkedIn confirmed via Twitter that its site suffered an outage due to “a DNS issue.”
Our site is now recovering for some members. We determined it was a DNS issue, and we’re continuing to work on it. Thanks for your p...
LinkedIn confirmed via Twitter that its site suffered an outage due to “a DNS issue.”
Our site is now recovering for some members. We determined it was a DNS issue, and we’re continuing to work on it. Thanks for your patience.
— LinkedIn Help (@LinkedInHelp) June 20, 2013
According to Downrightnow.com, LinkedIn’s service outage began around 6PM PST yesterday and is still continuing, though service has gradually resumed for some users.
Shortly after the outage began, App.net co-founder Bryan Berg wrote on his blog that the site’s DNS may have been hijacked–in other words, its domain name was redirected to a different IP address. In this case, LinkedIn’s traffic was re-routed to a network hosted by http://www.confluence-networks.com, which has phone numbers listed for both India and the U.S.
This is potentially worrisome for LinkedIn users because, Berg writes, the site does not require SSL (secure sockets layer), which means that if you visited it over the last few hours, “your browser sent your long-lived session cookies in plaintext” and a third-party may now have access to your account information.
LinkedIn users may remember that nearly 6.5 million encrypted passwords were compromised in June 2012 when they were dumped onto a Russian hacker forum. That incident occurred around the same time mobile security researchers discovered that calendar entries made on LinkedIn’s iOS apps, including sensitive information like meeting locations and passwords, were transmitted back to LinkedIn’s servers without users’ knowledge.
We’ve emailed LinkedIn for comment.