
LinkedIn 'vulnerable to attack by hackers'

Unusually long-life access cookie to blame

According to a security researcher, social network site LinkedIn is vulnerable to attack by hackers because the cookie used to grant access to accounts doesn't expire for 12 months.

According to a Reuters report, India-based security expert Rishi Narang said the flaws leave user accounts open to break-in by criminals without even requiring passwords. Narang said the problem is caused by the way LinkedIn manages cookies. Once an account is accessed, LinkedIn places the "LEO_AUTH_TOKEN" cookie on the user's PC. This then grants the user access to their account. Unusually, this cookie does not expire for a full year from the date it is created.

Many sites - including PC Advisor - utilise cookies to allow users to remain logged in without having to constantly re-input their passwords. But the time cookies remain valid generally varies from just a few minutes for sites that allow access to financial data, to a few weeks for less sensitive sites. A full year is an unusually long time for a cookie to remain valid. If a crook got hold of the cookie file, they could log in to your LinkedIn account for the remainder of its lifetime.

LinkedIn uses SSL technology to encrypt sensitive data, but doesn't encrypt its access cookies.

In response to Narang's claims - published on his blog www.wtfuzz.com - LinkedIn released a statement, but refused to comment directly on the cookie 'flaw', saying only: "LinkedIn takes the privacy and security of our members seriously. Whether you are on LinkedIn or any other site, it's always a good idea to choose trusted and encrypted WiFi networks or VPNs (virtual private networks) whenever possible."

LinkedIn Corp went public last week.
