Story image

LinkedIn’s outage blunder left users exposed and was ‘easily preventable’

01 Dec 2017

​If you were out to do a bit of business and employment-oriented networking yesterday, you may have come across an error message.

LinkedIn went down yesterday in countries across the world due to an SSL certificate expiry, which resulted in us.linkedin.com, uk.linkedin.com, ca.linkedin.com and many others becoming inaccessible to many.

What’s more concerning is those that were able to bypass the error message and login were in fact browsing with all of their data at risk as there was no encryption.

LinkedIn updated users on its ‘LinkedIn Help’ Twitter site:

And undoubtedly with no shortage of urgency, the social media giant assured its users shortly afterwards that the issue had been resolved.

Cybersecurity expert Alan Woodward says the outage will have far-reaching implications.

“Simply put, it will erode trust with visitors to your site,” says Woodward.

“For a site like LinkedIn that could matter a great deal when people come to trust them with more data, something LinkedIn is always encouraging you to do to – 'complete your profile'.”

Vice president for security strategy and threat intelligence at Venafi, Kevin Bocek says simply this shouldn’t have happened.

"You may have fired up LinkedIn yesterday afternoon, only to be greeted with a "CERT_DATE_INVALID" warning. You won't have been alone. LinkedIn's website was down across most of its main regions, including, the UK,  Australia and the US,” says Bocek.

“High-profile websites crash almost every week, but what's really jarring about LinkedIn's stumble is that it was entirely preventable".

Bocek says this all comes down to a certificate related issue.

“Certificates provide every machine - whether it's a website, application or device, with an online identity. Without them, machines can't trust each other when they communicate,” says Bocek.

“So when LinkedIn's certificate expired yesterday, every major browser simply stopped trusting it. For a global social network with millions of members, it won't be catastrophic. But what if the same thing happened to, say, a large retailer over Christmas?"

If there’s one thing to come out of this, Bocek says LinkedIn’s blunder demonstrates why keeping in control of certificates is so important.

“While LinkedIn will have thousands of certificates to keep track of, outages like yesterday's show that it only takes one expiry to cause problems,” Bocek says.

“To stay in control, organisations should look to automate the discovery, management and replacement of every single certificate on its network - or LinkedIn won't be the last high-profile snafu."

50 million tonnes of e-waste: IT faces sustainability challenges
“Through This is IT, we want to help people better understand the problem of today’s linear “take, make, dispose” thinking around IT products and its effects like e-waste, pollution and climate change."
Vocus & Vodafone unbundle NZ's fibre network
“Unbundling fibre will provide retail service providers with a flexible future-proofed platform regardless of what tomorrow brings."
NZ Cricket ups data analytics game with Qrious
The Black Caps and White Ferns have implemented a data and analytics solution from Qrious to monitor and improve game strategy and player performance.
Gartner: Smartphone biometrics coming to the workplace
Gartner predicts increased adoption of mobile-centric biometric authentication and SaaS-delivered IAM.
Samsung & Trade Me offer AI-powered shopping
The smartphone camera & AI-powered tech, Trade Me says, is a ‘glimpse into the future of shopping’.
Neill Blomkamp's 'Conviction' is a prequel to BioWare's Anthem
You may remember Neill Blomkamp’s name from such films as District 9, Chappie, and Elysium. If you’ve seen any of those films, the short teaser trailer will seem somewhat familiar to you.
Security flaw in Xiaomi electric scooters could have deadly consequences
An attacker could target a rider, and then cause the scooter to suddenly brake or accelerate.
617 million stolen records up for sale on dark web
It may not be the first time the databases have been offered for sale.