Social networking platform LinkedIn suffers from some very high-risk security vulnerabilities that hackers can exploit to break into users’ accounts without even requiring a password, a security researcher claimed.
This shocking revelation was made by Rishi Narang, an independent security researcher from New Delhi, India. He claimed that the problem arises from the way LinkedIn manages cookies.
Apparently, LinkedIn creates a cookie, "LEO_AUTH_TOKEN", on users’ computers after they log in to their accounts. It is not uncommon for websites to create such cookies. However, according to Narang, LinkedIn stores the cookie on the user’s system for almost a year, thus creating a very sensitive vulnerability.
Mr. Narang provided details about these security flaws in the widely popular social networking site on his blog.
However, LinkedIn claims that it has already taken steps to ensure the security of its users’ accounts.
"LinkedIn takes the privacy and security of our members seriously," a statement from the company said.
"Whether you are on LinkedIn or any other site, it's always a good idea to choose trusted and encrypted WiFi networks or VPNs (virtual private networks) whenever possible," it added.