We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

LinkedIn 'vulnerable to to attack by hackers'

Unusually long-life access cookie to blame

According to a security researcher, social network site LinkedIn is vulnerable to attack by hackers because the cookie used to grant access to accounts doesn't expire for 12 months.

According to a Reuters report, Indian based security expert Rishi Narang said the flaws make user accounts open to break-in by criminals without even requiring passwords. Narang said the problem is caused by the way LinkedIn manages cookies. Once an account is access, LinkedIn places the "LEO_AUTH_TOKEN" cookie on the user's PC. This then grants the user access to their account. Unusually this cookie does not expire for a full year from the date it is created.

Many sites - including PC Advisor - utilise cookies to allow users to remain logged in without having to constantly re-input their passwords. But the time cookies remain valid generally varies from just a few minutes for sites that allow access to financial data, to a few weeks for less sensitive sites. A full year is an unusually long time for a cookie to remain valid. If a crook got hold of the cookie file, they could log in to your LinkedIn account for the remainder of its lifetime.

LinkedIn uses SSL technology to encrypt sensitive data, but doesn't encrypt its access cookies.

In response to Narang's claims - published on his blog www.wtfuzz.com - LinkedIn released a statement, but refused to comment directly on the cookie 'flaw', saying only: "LinkedIn takes the privacy and security of our members seriously. Whether you are on LinkedIn or any other site, it's always a good idea to choose trusted and encrypted WiFi networks or VPNs (virtual private networks) whenever possible."

LinkedIn Corp went public last week.

See also: Latest internet security advice


IDG UK Sites

New iPhone 6 review: best ever iPhone is very good... but no longer the best phone you can buy

IDG UK Sites

Is Apple losing confidence in itself?

IDG UK Sites

Professional photo and video techniques for perfect colours

IDG UK Sites

How (and where) to buy an iPhone 6 or iPhone 6 Plus in the UK. Plus: What to do if you pre-ordered...