LinkedIn has downplayed the significance of a man-in-the-middle vulnerability said to allow hackers to steal a user's account.
Using an attack method known as SSL stripping, security firm Zimperium claimed it was able to redirect all traffic through unsecured HTTP connections, allowing it to steal login credentials and take control of people's profiles.
A spokesman from LinkedIn said: "LinkedIn is committed to protecting the security of our members. In December 2013 we started transitioning the LinkedIn site to default HTTPS and just last week announced that we are serving all traffic to all users in US and EU by default over HTTPS.
"This issue does not impact the vast majority of LinkedIn members given our ongoing global release of HTTPS by default."
Zimperium said it has contacted the business network six times within the last year regarding the problem, but the company has yet to patch it.
It said: "Not only is your personal LinkedIn information at risk, but also if you are an administrator for your corporate LinkedIn presence, your company's brand reputation could also be damaged if a malicious actor were to gain control over posts and email communication on LinkedIn."
It added that the mobile app was not vulnerable to the same attack, though it claimed hackers could still "sniff random HTTP requests and profile pictures".
"We believe that this vulnerability is being used, in-the-wild, against LinkedIn's users," it said.