Story image

LinkedIn’s outage blunder left users exposed and was ‘easily preventable’

01 Dec 2017

​If you were out to do a bit of business and employment-oriented networking yesterday, you may have come across an error message.

LinkedIn went down yesterday in countries across the world due to an SSL certificate expiry, which resulted in us.linkedin.com, uk.linkedin.com, ca.linkedin.com and many others becoming inaccessible to many.

What’s more concerning is those that were able to bypass the error message and login were in fact browsing with all of their data at risk as there was no encryption.

LinkedIn updated users on its ‘LinkedIn Help’ Twitter site:

And undoubtedly with no shortage of urgency, the social media giant assured its users shortly afterwards that the issue had been resolved.

Cybersecurity expert Alan Woodward says the outage will have far-reaching implications.

“Simply put, it will erode trust with visitors to your site,” says Woodward.

“For a site like LinkedIn that could matter a great deal when people come to trust them with more data, something LinkedIn is always encouraging you to do to – 'complete your profile'.”

Vice president for security strategy and threat intelligence at Venafi, Kevin Bocek says simply this shouldn’t have happened.

"You may have fired up LinkedIn yesterday afternoon, only to be greeted with a "CERT_DATE_INVALID" warning. You won't have been alone. LinkedIn's website was down across most of its main regions, including, the UK,  Australia and the US,” says Bocek.

“High-profile websites crash almost every week, but what's really jarring about LinkedIn's stumble is that it was entirely preventable".

Bocek says this all comes down to a certificate related issue.

“Certificates provide every machine - whether it's a website, application or device, with an online identity. Without them, machines can't trust each other when they communicate,” says Bocek.

“So when LinkedIn's certificate expired yesterday, every major browser simply stopped trusting it. For a global social network with millions of members, it won't be catastrophic. But what if the same thing happened to, say, a large retailer over Christmas?"

If there’s one thing to come out of this, Bocek says LinkedIn’s blunder demonstrates why keeping in control of certificates is so important.

“While LinkedIn will have thousands of certificates to keep track of, outages like yesterday's show that it only takes one expiry to cause problems,” Bocek says.

“To stay in control, organisations should look to automate the discovery, management and replacement of every single certificate on its network - or LinkedIn won't be the last high-profile snafu."

Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.
Forrester names Trend Micro Leader in email security
TrendMicro earned the highest score for technology leadership, deployment options and cloud integration.
LogRhythm releases cloud-based SIEM solution
LogRhythm Cloud provides the same feature set and user experience as its on-prem experience.
One Identity named Leader in PAM and IAM by KuppingerCole
KuppingerCole lead analyst Anmol Singh evaluated the strengths and weaknesses of 20 solution providers in the PAM market for the report.
Healthcare environments difficult to secure - Forescout
The convergence of IT, Internet of Things (IoT) and operational technology (OT) makes it more difficult for the healthcare industry to manage a wide array of hard-to-control network security risks.