LinkedIn confirmed via Twitter that its site suffered an outage due to “a DNS issue.”
According to Downrightnow.com, LinkedIn’s service outage began around 6PM PST yesterday and is still continuing, though service has gradually resumed for some users.
Shortly after the outage began, App.net co-founder Bryan Berg wrote on his blog that the site’s DNS may have been hijacked–in other words, its domain name was redirected to a different IP address. In this case, LinkedIn’s traffic was re-routed to a network hosted by http://www.confluence-networks.com, which has phone numbers listed for both India and the U.S.
This is potentially worrisome for LinkedIn users because, Berg writes, the site does not require SSL (secure sockets layer), which means that if you visited it over the last few hours, “your browser sent your long-lived session cookies in plaintext” and a third-party may now have access to your account information.
LinkedIn users may remember that nearly 6.5 million encrypted passwords were compromised in June 2012 when they were dumped onto a Russian hacker forum. That incident occurred around the same time mobile security researchers discovered that calendar entries made on LinkedIn’s iOS apps, including sensitive information like meeting locations and passwords, were transmitted back to LinkedIn’s servers without users’ knowledge.
We’ve emailed LinkedIn for comment.
LinkedIn is a free business social networking site that allows users who register to create a professional profile visible to others. Through the site, individuals can then maintain a list of known business contacts, known as Connections. LinkedIn users can also invite anyone to join their list of connections. LinkedIn offers an effective way by which people can develop an extensive list of contacts, as your network consists of your own connections, your connections’ connections (2nd…