sb-nz logo
Story image

LinkedIn’s outage blunder left users exposed and was ‘easily preventable’

01 Dec 2017

​If you were out to do a bit of business and employment-oriented networking yesterday, you may have come across an error message.

LinkedIn went down yesterday in countries across the world due to an SSL certificate expiry, which resulted in us.linkedin.com, uk.linkedin.com, ca.linkedin.com and many others becoming inaccessible to many.

What’s more concerning is those that were able to bypass the error message and login were in fact browsing with all of their data at risk as there was no encryption.

LinkedIn updated users on its ‘LinkedIn Help’ Twitter site:

And undoubtedly with no shortage of urgency, the social media giant assured its users shortly afterwards that the issue had been resolved.

Cybersecurity expert Alan Woodward says the outage will have far-reaching implications.

“Simply put, it will erode trust with visitors to your site,” says Woodward.

“For a site like LinkedIn that could matter a great deal when people come to trust them with more data, something LinkedIn is always encouraging you to do to – 'complete your profile'.”

Vice president for security strategy and threat intelligence at Venafi, Kevin Bocek says simply this shouldn’t have happened.

"You may have fired up LinkedIn yesterday afternoon, only to be greeted with a "CERT_DATE_INVALID" warning. You won't have been alone. LinkedIn's website was down across most of its main regions, including, the UK,  Australia and the US,” says Bocek.

“High-profile websites crash almost every week, but what's really jarring about LinkedIn's stumble is that it was entirely preventable".

Bocek says this all comes down to a certificate related issue.

“Certificates provide every machine - whether it's a website, application or device, with an online identity. Without them, machines can't trust each other when they communicate,” says Bocek.

“So when LinkedIn's certificate expired yesterday, every major browser simply stopped trusting it. For a global social network with millions of members, it won't be catastrophic. But what if the same thing happened to, say, a large retailer over Christmas?"

If there’s one thing to come out of this, Bocek says LinkedIn’s blunder demonstrates why keeping in control of certificates is so important.

“While LinkedIn will have thousands of certificates to keep track of, outages like yesterday's show that it only takes one expiry to cause problems,” Bocek says.

“To stay in control, organisations should look to automate the discovery, management and replacement of every single certificate on its network - or LinkedIn won't be the last high-profile snafu."

Story image
Video: 10 Minute IT Jams - SonicWall VP discusses the importance of endpoint security
In this video, Dmitriy discusses the exposure points and new risks that come as a result of widespread flexible working arrangements, how organisations should secure their massively distributed networks, and how SonicWall's Boundless Cybersecurity model can solve these issues.More
Story image
Protegrity rolls out updates to data protection platform
Protegrity has updated its Protegrity Data Protection Platform to better secure sensitive data in hybrid-cloud, multi-cloud and SaaS environments.More
Story image
Microsoft is most imitated brand for phishing attacks in Q3
Popular phishing tactics using the Microsoft brand used email campaigns to steal credentials of Microsoft accounts, luring victims to click on malicious links which redirect them to a fraudulent Microsoft login page. More
Story image
UiPath and eSentire bring hyperautomation to Microsoft Security
UiPath and eSentire have announced a strategic partnership to deliver end-to-end security policy automation across multiple Microsoft Security services.More
Story image
IDC survey: Nearly 1/3 of data-ransomed businesses pay up
A Rubrik-commissioned A/NZ survey by IDC finds that despite only 6% saying they would pay ransomware attackers, the reality is quite different.More
Story image
How to address cyber-threats as a strategic risk
Becoming a cyber-secure organisation in the face of an evolving threat landscape requires a strategic, business-focused approach to security as opposed to a tactical approach in which security is addressed simply by implementing new tools.More