light bulb

Did You Know?

Posts: 13,635
Topics: 107
Kudos: 23,007
Registered: ‎11-27-2013

Millions of LinkedIn Users at Risk of Man-in-the-Middle Attack

Wednesday, June 18, 2014 

Two year back in 2012, one of the most popular online social networking sites Linkedin spent between $500,000 and $1 million on forensic work after millions of its users’ account passwords were compromised in a major security data breach. But, it seems that the company hasn't learned any lesson from it.
Before moving on to the story, let us discuss some emerging and common threats against the social networking sites nowadays. If we talk about less publicized but more danger, then Man-in-the-Middle (MitM) attack is the most common one. By attempting MitM attack, a potential attacker could intercept users’ internet communication, steal sensitive information and even hijack sessions.

Kind Regards,


original.png Microsoft® Windows Insider MVP - Windows Security

Helpful Webroot Links:

Download (PC) | Download (Best Buy Subscription) | Submit Trouble Ticket | Account Console | User_Guides | BrightCloud URL lookup

and Introduce yourself to The Community!

ALIENWARE 17R4 Win 10 Pro x64 / Mac OS X El Capitan (10.11.6), IPad's, PCs,W 10 & W 8.1 R Pro. W 7 Pro ..Lenovo (VM:10) & Webroot® SecureAnywhere™ Internet Security Complete (Android Samsung Note 4) Beta Tester,Windows Insider Builds
Posts: 6,423
Topics: 3,088
Kudos: 9,093
Blog Posts: 0
Registered: ‎06-02-2014

LinkedIn ignored SIX WARNINGS about account-hijacking bug

By Darren Pauli, 20 Jun 2014


LinkedIn accounts can be hijacked through simple man in the middle (MITM) attacks due to a failure to promptly fix a SSL stripping vulnerability .

The flaw described ambitiously as a zero-day vulnerability allowed attackers to gain full control of a user's account after they had logged in via SSL.


Attackers could jump between the user and the service and replace the secure protocol with HTTP allowing access to their account.

User IDs, passwords and all LinkedIn data could then be siphoned off by attackers


The Register/ Full Read Here/





Community Leader

Posts: 7,181
Kudos: 8,084
Registered: ‎10-28-2012

Re: LinkedIn ignored SIX WARNINGS about account-hijacking bug

If correct, that is simply incredible, and without logic.



New to the Community? Register now and start posting!

Helpful Webroot Links:

Download (PC)   Download (Best Buy Subscription)   Submit Trouble Ticket   Account Console   User Guides   

"If you don't learn something new every day, you need to pay more attention. I often get my daily learning here so grab a chair and stay a while!"

WSA-Complete (Beta PC), WSA Mobile (Android), WSA Business Mobile (Android) WSA-Endpoint (PC- Some of the time.....)
Community Leader
Posts: 432
Registered: ‎04-11-2014

Re: LinkedIn ignored SIX WARNINGS about account-hijacking bug

DavidP1970 wrote:

If correct, that is simply incredible, and without logic.

and I'll add "scary"  to @DavidP1970  's list.


After watching the 2-minute video — and add another 5-minutes to blow out my history and cache — I made the recommended changes to my account. I even went so far as to opt for the two-step login process. I'm still debating whether or not to share the news article on my LinkedIn profle. Smiley Frustrated


Thank you @Antus67  !!

— Jeff
Webroot Business Ambassador   Webroot Community Leader