LinkedIn Downed As ‘DNS Error’ Strikes

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

LinkedIn says site is back to normal after DNS glitch at its registrar

LinkedIn was inaccessible for users yesterday thanks to what the company has described as a DNS “error” by its domain registrar, allaying fears attackers were trying to steal users’ data and hijack accounts.

The professional networking firm said its site was recovering for some members seven hours ago, but the latest statement indicated problems continued throughout the morning. TechWeekEurope is currently able to access the site, and the firm has now said it is functioning again.

“For a short time on Wednesday evening, linkedin.com was not accessible to a majority of our members. We have been told by the company that manages our domain that this was due to an error made on their end. Our team was able to quickly address the issue and the site is returning to normal,” a spokesperson said in an emailed statement sent to TechWeek.

DNS problems

Late last night, it was claimed users who visited the site were redirected to a parking page for a site called confluence-networks.com, ostensibly for a company providing networking services.

The issue appears to have been caused by a bug, not an infection, sitting on the domain name server used by a large chunk of LinkedIn users. The same problem is believed to have hit local search site Yelp and others, according to CloudFlare CEO Matthew Prince.

DNS servers translate website names into the IP addresses of the requested sites, querying a chain of servers to find the correct ones.

If DNS poisoning had taken place, or the authoritative DNS server had been compromised, as some had suspected, it could have been bad news for users. Such attacks can be used to redirect victims to malicious websites that serve up malware, or session cookies could be pilfered to hijack accounts.

“LinkedIn just got DNS hijacked, and for the last hour or so, all of your traffic has been sent to a network hosted by this company [confluence-networks.com]. And they don’t require SSL, so if you tried to visit, your browser sent your long-lived session cookies in plaintext,” said Bryan Berg, co-founder of App.net.

It appears Berg and others were wrong, however, and there is no security scare in sight.

“Starting few hours ago, we received reports about some sites (including linkedin.com) pointing to IPs allotted to our ranges,” says a statement on the Confluence site. “We are in touch with the affected parties & our customer to identify the root cause of this event.”
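The cookie exposure discussed above depends on a site's own response headers: a cookie set without the Secure attribute, on a host with no HSTS policy, is sent over plain HTTP to whatever server the name resolves to. The Python check below is an added example, not part of the original article; the header values, the `exposed_cookies` helper and the one-day "long-lived" threshold are assumptions constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

LONG_LIVED = 24 * 3600  # assumption: more than a day counts as long-lived

def directives(header):
    """Split 'a=b; C; d=e' into (first item, {lowercased key: value})."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in filter(None, rest):
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return first, attrs

def hsts_active(header):
    """True if a Strict-Transport-Security value carries max-age > 0."""
    _, attrs = directives("x;" + (header or ""))  # every item is an attribute
    return int(attrs.get("max-age", "0").strip('"')) > 0

def lifetime(attrs, now):
    """Seconds until expiry, or None for a browser-session cookie."""
    if "max-age" in attrs:  # Max-Age takes precedence over Expires
        return int(attrs["max-age"])
    if "expires" in attrs:
        return (parsedate_to_datetime(attrs["expires"]) - now).total_seconds()
    return None

def exposed_cookies(set_cookie_values, hsts_value, now):
    """Map each cookie lacking Secure to the reasons it could leak over HTTP."""
    report = {}
    for value in set_cookie_values:
        first, attrs = directives(value)
        if "secure" in attrs:
            continue  # the browser only sends this cookie over HTTPS
        reasons = ["no Secure attribute"]
        if not hsts_active(hsts_value):
            reasons.append("no HSTS policy")
        life = lifetime(attrs, now)
        if life is not None and life > LONG_LIVED:
            reasons.append("long-lived")
        report[first.split("=", 1)[0]] = reasons
    return report

# Constructed sample response headers, not captured from any real site.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE = [
    "session=abc123; Path=/; Max-Age=31536000; HttpOnly",
    "csrf=xyz; Path=/; Secure",
    "prefs=dark; Path=/; Expires=Wed, 01 Jan 2025 00:00:00 GMT",
]
```

Calling `exposed_cookies(SAMPLE, None, NOW)` reports the `session` and `prefs` cookies; passing a `Strict-Transport-Security` value with a positive `max-age` removes the HSTS finding but not the missing Secure attribute.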
