LinkedIn Cookies Put User Accounts at Risk: Report
LinkedIn.com has received some tough criticism of late, after one security researcher revealed that the cookies used on the website leave user accounts open to an online attack.
In a recent blog post, independent researcher Rishi Narang warned members of the business-oriented social network that the cookies found on the site may remain active for up to one year.
Extended Expiry Time Aids Hackers
Once a user logs in, LinkedIn creates a file on their computer which the site uses for quicker access later on (similar to the cookies found on many other sites).
The problem is that the LinkedIn cookies have an extended expiry time, meaning a bigger window of opportunity for cybercriminals to access these cookies, and in turn, sensitive account information. (Source: pcpro.co.uk)
Worse still, the cookies remain active even after the user has logged out of their LinkedIn session.
As Narang explained, "In just 15 minutes, I was successfully able to access multiple active accounts that belong to individuals from different global locations. They would have logged in/logged out many times in these months, but the cookie was still valid. Even though you change the password and all settings, still the old cookie is valid and will grant the attacker access to your account." (Source: itpro.co.uk)
Cookies Not Included in SSL Protection
While LinkedIn continues to use an older cryptographic protocol called Secure Sockets Layer (SSL) to safeguard personal data (including login details), this protection does not extend to cookies. Hackers can then pick out these cookies by monitoring network traffic with any of a myriad of "sniffing" tools.
The news could not have come at a worse time for the business-based social network. The company recently went public and eclipsed early estimates of a $3 billion net worth, closing out its first day with a valuation upwards of $9 billion.
When asked for comment, one spokesperson at LinkedIn admitted that the company was looking into stronger SSL protection, but would not say whether or not Narang was correct in his assumptions concerning the cookies used on the site.
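The behaviour Narang describes (a cookie that stays valid after logout and after a password change) is avoided when the server, not the browser, decides whether a session is live. The sketch below is an added example, not LinkedIn's code; the names SessionStore, SESSION_TTL and the cookie name sid are assumptions chosen for illustration.

```python
import secrets
import time

SESSION_TTL = 8 * 3600  # assumed absolute lifetime in seconds, far below one year

class SessionStore:
    """Server-side session table: the cookie only carries a random id."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}  # session id -> (user, expiry timestamp)

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (user, self._clock() + SESSION_TTL)
        # Secure keeps the cookie off plain-HTTP requests; Max-Age bounds it client-side.
        header = f"Set-Cookie: sid={sid}; Max-Age={SESSION_TTL}; Path=/; Secure; HttpOnly"
        return sid, header

    def validate(self, sid):
        """Return the user for a live session, or None if revoked or expired."""
        entry = self._sessions.get(sid)
        if entry is None or self._clock() >= entry[1]:
            self._sessions.pop(sid, None)  # expiry is enforced on the server too
            return None
        return entry[0]

    def logout(self, sid):
        # Logging out deletes the server record, so a copied cookie stops working.
        self._sessions.pop(sid, None)

    def change_password(self, user):
        # A password change revokes every session of that user, on every device.
        for sid in [s for s, (u, _) in self._sessions.items() if u == user]:
            del self._sessions[sid]

def demo():
    now = [1_000_000.0]  # constructed clock so expiry can be shown without waiting
    store = SessionStore(clock=lambda: now[0])
    a, b, c = (store.login(u)[0] for u in ("alice", "alice", "bob"))
    store.logout(a)
    after_logout = store.validate(a)
    store.change_password("alice")
    after_pw_change = store.validate(b)
    now[0] += SESSION_TTL + 1
    return after_logout, after_pw_change, store.validate(c)
```

All three values returned by demo() are None: the old identifier is rejected after logout, after a password change, and once the lifetime has passed.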