LinkedIn’s security was in the news last week when cybersecurity researchers at FireEye warned of a malicious phishing campaign attributed to the Iranian-linked APT34. The campaign targeted LinkedIn users with bogus invitations to join a professional network and malware-laced attachments.
As that news was published, an entirely different kind of security issue was hitting LinkedIn which then came to light on Friday. Dutch recruiter Michel Rijnders discovered a security loophole that allowed users to post job openings on a company’s official LinkedIn page, even with no link or association, and certainly with no permission being given. The postings would then show up on the company’s “jobs” page alongside others posted by the company itself.
Rijnders exposed the issue publicly, posting vacancies for the CEO spots at both LinkedIn and