
LinkedIn DNS hijacked, traffic rerouted for an hour, and users’ cookies read in plain text

A Linked-pen



App.net cofounder Bryan Berg noticed that LinkedIn was DNS-hijacked tonight and that traffic was rerouted to a shady India-based site, www.confluence-networks.com. That’s bad for LinkedIn, but there’s worse news for you.

According to Berg, that site does not require SSL (secure sockets layer), which means that anyone who visited in the last hour or so sent it their long-lived session cookies in plain text … a potential security risk.

DNS hijacking is the process of redirecting a domain name to a different IP address. IP addresses are strings of numbers that identify a server, but they’re long and hard to remember. The DNS system allows us to use simple, easy-to-remember names like www.linkedin.com, and it then translates them to IP addresses like 216.52.242.86.

(You can also use that IP address, by the way, in your browser.)


You can hijack a company’s DNS on the client side by hacking individual computers’ network configurations and on the Internet side by hacking a DNS server — or by installing a rogue DNS server that masquerades as a real DNS server. Alternatively, if you can access a company’s domain records, you can change the IP address associated with that company’s web services.

DownRightNow shows that LinkedIn had a service interruption starting at about 6 p.m. tonight and lasting until now.


However, I’m able to access the actual LinkedIn service right now, so the site must be up and available for at least some users, or maybe the DNS hijack has only affected a percentage of users.

LinkedIn acknowledged the issue on Twitter but has not updated to say that it is completely resolved yet.

The big question right now is what consequences this might have for users who inadvertently accessed the wrong servers and potentially gave away cookie data that could compromise their accounts.
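The exposure described above comes down to cookies that lack the `Secure` attribute: a browser attaches them to plain-HTTP requests for the domain, whichever server the name currently resolves to. The following is an added example, not code from the article or from LinkedIn, showing how a site owner could audit `Set-Cookie` headers for long-lived cookies that would leak this way; the header values and the one-day threshold are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import List, Optional

LONG_LIVED = 24 * 3600  # assumption: a lifetime over one day counts as long-lived

@dataclass
class Finding:
    name: str
    lifetime: Optional[int]  # seconds; None means a browser-session cookie
    exposed: bool            # no Secure attribute, so also sent on http:// requests
    long_lived: bool

def audit_cookie(header: str, now: datetime) -> Finding:
    """Classify one Set-Cookie header value."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    lifetime = None
    try:
        if "max-age" in attrs:  # Max-Age wins over Expires
            lifetime = int(attrs["max-age"])
        elif "expires" in attrs:
            expires = parsedate_to_datetime(attrs["expires"])
            lifetime = int((expires - now).total_seconds())
    except (TypeError, ValueError):
        pass  # unparseable value: treat as a session cookie
    return Finding(
        name=first.partition("=")[0],
        lifetime=lifetime,
        exposed="secure" not in attrs,
        long_lived=lifetime is not None and lifetime > LONG_LIVED,
    )

def at_risk(headers: List[str], now: datetime) -> List[str]:
    """Names of long-lived cookies that would travel in cleartext over HTTP."""
    findings = [audit_cookie(h, now) for h in headers]
    return [f.name for f in findings if f.exposed and f.long_lived]

# Constructed sample headers and reference time (not LinkedIn's real cookies).
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE = [
    "session_id=abc123; Max-Age=31536000; Path=/; HttpOnly",
    "auth_token=def456; Max-Age=7776000; Path=/; Secure; HttpOnly",
    "remember_me=1; Expires=Wed, 01 Jan 2025 00:00:00 GMT; Path=/",
    "csrf=xyz789; Max-Age=3600; Path=/",
]

if __name__ == "__main__":
    print(at_risk(SAMPLE, NOW))
```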

Image credit: Sheila Scarborough/Flickr
