Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

LinkedIn Allowed TLS Certificate to Expire—Again

Microsoft-owned social media giant LinkedIn has once again put user data and privacy at risk by allowing a TLS certificate to expire.

Microsoft-owned social media giant LinkedIn has once again put user data and privacy at risk by allowing a TLS certificate to expire.

Some users noticed on Tuesday that when they tried to access LinkedIn from their desktop or laptop computer they were greeted by an alert that said the connection was not secure. It turned out that the company had forgotten to renew the TLS certificate for its lnkd.in URL shortener.

The company quickly took action after being notified. The new certificate is valid until May 2021.

Expired LinkedIn certificate

This is the second time this has happened. In November 2017, LinkedIn forgot to renew a certificate for country-specific domains, such as uk.linkedin.com and de.linkedin.com.

“Large organisations with hundreds of millions of users globally should be setting the standard for security practices and unfortunately this is the second time that LinkedIn failed to update their SSL certificate, effectively putting user data and privacy at risk,” Carl Leonard, principal security analyst at Forcepoint and one of the individuals who reported the incident to LinkedIn, told SecurityWeek.

“Although this expired certificate only appeared to affect desktop users of LinkedIn, users had to rely on their browsers to alert them to the risks associated with the site. In some cases this may have led to confusion or encourage users to override error messages without understanding the security implications,” Leonard said.

“It isn’t enough for organisations to be reactive,” the expert added. “They should proactively ensure that are consistently implementing cybersecurity practices which act to protect sensitive information from being intercepted or exposed, whilst preserving the user experience. Humans will always make mistakes and have lapses in judgement and it is the role of the appropriate technology to address these issues to ultimately keep data safe.”

UPDATE. LinkedIn told SecurityWeek that it had a brief delay in its SSL certification update. The company said the issue was quickly fixed and user data was not affected.

Advertisement. Scroll to continue reading.

Related: TLS Certificates for Many .gov Domains Not Renewed Due to Government Shutdown

Related: LinkedIn Responds to Criticism of its SSL Implementation

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

The US arm of networking giant TP-Link has appointed Adam Robertson as Director of Information and Security.

Raj Dodhiawala has been named Chief Product Officer at Eclypsium.

Cyber exposure management firm Armis has promoted Alex Mosher to President.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.