New Delhi: Anand Prakash, the CEO of cybersecurity firm Pingsafe and an ethical hacker, recently discovered a security gap in LinkedIn that could have resulted in the deletion of any post by an individual or organization on the professional networking platform. The flaw was identified during a bug bounty program that rewards individuals for discovering security flaws or vulnerabilities in an organization’s internet-facing applications.
Although the bug was detected and resolved in 2018, LinkedIn only authorized its disclosure in April 2023, according to Prakash. He was rewarded $10,000 for uncovering the vulnerability. LinkedIn said in a statement that it has numerous security and privacy measures in place to safeguard its members’ safety and privacy.
Prakash stated that the flaw could have allowed anyone to send particular requests to LinkedIn servers that might have resulted in deleting any post on the platform. According to a Pingsafe blog post, “if left unaddressed, this vulnerability could have been exploited to remove important content, such as individual/company posts, causing significant damage to individuals or companies.”
The bug arose because the delete post API request on the mobile website lacked proper authorization checks. The “objectUrn” that identifies a post is publicly available for all posts, so an attacker could change the “objectUrn” in the delete post request to that of another post and delete that post using their own session.
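The missing check described above, shown beside a corrected handler. This is an added illustration, not LinkedIn's or Pingsafe's code: the `PostService` class, its method names, the single-owner model and the `urn:example:post:...` identifiers are all assumptions constructed for the example.

```python
from dataclasses import dataclass


class Forbidden(Exception):
    pass


@dataclass(frozen=True)
class Post:
    object_urn: str   # public identifier, visible to every viewer
    owner_id: str     # account that created the post


class PostService:
    def __init__(self, posts):
        self._posts = {p.object_urn: p for p in posts}
        self.audit = []  # denied delete attempts, kept for detection

    def exists(self, object_urn):
        return object_urn in self._posts

    def delete_vulnerable(self, session_user, object_urn):
        # Flawed: any logged-in session passes; the post's owner is never
        # compared with the caller, so the URN alone selects the victim.
        if not session_user:
            raise Forbidden("login required")
        return self._posts.pop(object_urn, None) is not None

    def delete_hardened(self, session_user, object_urn):
        if not session_user:
            raise Forbidden("login required")
        post = self._posts.get(object_urn)
        if post is None:
            return False
        # Object-level authorization: the owner is read from server-side
        # data and matched against the session, never taken from the request.
        if post.owner_id != session_user:
            self.audit.append(("delete_denied", session_user, object_urn))
            raise Forbidden("caller does not own this post")
        del self._posts[object_urn]
        return True


def make_service():
    # Constructed sample data: one post each for two hypothetical accounts.
    return PostService([Post("urn:example:post:1001", "alice"),
                        Post("urn:example:post:1002", "mallory")])
```

The audit entries recorded on denial give defenders a signal to alert on, for example one session being refused deletes across many posts it does not own.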
Prakash is a skilled hacker who has previously discovered and reported vulnerabilities on popular social media platforms such as Twitter and Tinder, as well as the ride-sharing service Uber. As a result, he is a respected cybersecurity professional, and he is the CEO of Pingsafe, a cybersecurity company that provides comprehensive security solutions to companies worldwide.
In conclusion, Prakash’s discovery of the security gap in LinkedIn highlights the importance of bug bounty programs that offer financial incentives to individuals who find vulnerabilities or security flaws in an organization’s internet-facing applications. These programs can aid in the early detection and resolution of security issues, minimizing potential harm to individuals and businesses.