Business-focused social network LinkedIn is continuing to recover from a DNS error that took the site offline for an hour. The outage began when the popular service’s homepage was replaced by a domain sales page.
While the outage appears to have stopped, some users are still saying (via Twitter) that they cannot access linkedin.com, although none are seeing the incorrect page.
For a short time on Wednesday evening, linkedin.com was not accessible to a majority of our members. We have been told by the company that manages our domain that this was due to an error made on their end, not due to malicious activity of any kind. Our team was able to quickly address the issue, and our site has returned to normal. We believe that at no point was any LinkedIn member data compromised in any way.
Indeed, Network Solutions — LinkedIn’s service provide — explains that a number of its customers’ website were “inadvertently affected for up to several hours”. It further explains that “no confidential data was compromised, including passwords, credit card information, or cookies.”
(The rest of the original post continues below.)
LinkedIn explained the outage was caused by “a DNS issue”, but provided no further details. Others have speculated that there may have been more malicious factors at play.
Our site is now recovering for some members. We determined it was a DNS issue, we’re continuing to work on it. Thanks for your patience.
— LinkedIn (@LinkedIn) June 20, 2013
App.net co-founder Bryan Berg suggested that the service was “hijacked” with all traffic sent to a network hosted by India-based Confluence Networks. Furthermore, due to the lack of SSL security on the site, Berg says that could have meant if you visited the page “your browser sent your long-lived session cookies in plain text” — potentially enabling third-parties to access user information and accounts.
However, a Hacker News user claiming to work with LinkedIn’s network operations center argued that the outage was down to a mistake from LinkedIn’s DNS provider, which accidentally pointed the website’s homepage to a domain parking page. Rather amusingly that put the linkedin.com domain up for sale.
It’s been just over one year since LinkedIn saw 6.5 million password leaked following a hack into its system, and the site can ill afford to suffer further security issues given the severity of that previous hacking.
Even if the DNS issue was down to a harmless error, the fact that the site pointed to a domain buying page for many users for a sustained period of time — combined with last year’s events — may have been enough to make many LinkedIn regulars fear the worst again.
LinkedIn has more than 225 million users worldwide. The US is its largest market, and it just passed 20 million registered members in India, its next biggest country.
We reached out to LinkedIn and Confluence Networks and will provide any additional details that the companies disclose.
Headline image via mariosundar / Flickr