LinkedIn says SSL vulnerability does not impact most users

by Jimmy Nicholls | 20 June 2014

Security firm Zimperium insisted business network was at risk.

LinkedIn has downplayed the significance of a man-in-the-middle vulnerability said to allow hackers to steal a user's account.

Using an attack method known as SSL stripping, security firm Zimperium claimed it was able to redirect all traffic through unsecured HTTP connections, allowing it to steal login credentials and take control of people's profiles.

A spokesman from LinkedIn said: "LinkedIn is committed to protecting the security of our members. In December 2013 we started transitioning the LinkedIn site to default HTTPS and just last week announced that we are serving all traffic to all users in US and EU by default over HTTPS.

"This issue does not impact the vast majority of LinkedIn members given our ongoing global release of HTTPS by default."

Zimperium said it has contacted the business network six times within the last year regarding the problem, but the company has yet to patch it.

It said: "Not only is your personal LinkedIn information at risk, but also if you are an administrator for your corporate LinkedIn presence, your company's brand reputation could also be damaged if a malicious actor were to gain control over posts and email communication on LinkedIn."

It added that the mobile app was not vulnerable to the same attack, though it claimed hackers could still "sniff random HTTP requests and profile pictures".

"We believe that this vulnerability is being used, in-the-wild, against LinkedIn's users," it said.
