An Indian security researcher identified a bug in LinkedIn that allowed attackers to delete posts on individual and company profiles.
The bug could be exploited to remove important content, which may impact the flow of information on the platform.
The bug was an insecure direct object reference in LinkedIn’s direct post request, and it existed due to a lack of proper authorisation checks on the delete post API request on the mobile website.
When notified, LinkedIn investigated the bug and patched it. The company awarded Indian security researcher Anand Prakash a bounty of $10,000 for responsibly disclosing the issue.
Though the incident is an old one, Mr Prakash says LinkedIn recently gave permission to go public with the discovery.
LinkedIn also confirmed the incident, stating, “security and privacy of our members is our utmost priority and we have multiple measures in place to ensure the safety of our members every step of the way. This issue was addressed and solved years ago via our bug bounty program.”
LinkedIn is a social networking site for the business community and is one of the largest global platforms for job seekers, employers, and recruiters.
(Information was added to the article after comments from LinkedIn)