Security Portal


Overview

LinkedIn's Security Program

LinkedIn maintains an Information Security Program to ensure the confidentiality, integrity, and availability of all computer and data communication systems while meeting the necessary legislative, industry, and contractual requirements.

LinkedIn policies, procedures, and standards are based on the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001. In addition, we use an independent third-party body to audit our compliance with leading industry standards periodically.

Compliance

CCPA
GDPR
ISO 27001
ISO 27001 SoA
ISO 27018
PCI DSS
PIPEDA
SOC 2
34 Documents
Information Security Policy
ISO 27018
ISO 27001
SOC 2 Report
Pentest Report
Network Diagram
Other Reports
Security Prospectus
Security Whitepaper
ISO 27001 SoA
SOC 2
CAIQ
SIG Lite

Risk Profile

Data Access Level: Restricted
Impact Level: Moderate
Critical Dependence: No

Product Security

Role-Based Access Control
Audit Logging
Data Security

Reports

Network Diagram
Other Reports
Pentest Report

Self-Assessments

CAIQ
SIG Lite

Data Security

Access Monitoring
Backups Enabled
Data Erasure

App Security

Responsible Disclosure
Code Analysis
Software Development Lifecycle

Access Control

Data Access
Logging
Password Security

Infrastructure

Anti-DDoS
Amazon Web Services
Azure

Corporate Security

Employee Training
Incident Response
Internal Assessments

Policies

Information Security Policy

Security Grades

Qualys SSL Labs
LinkedIn.com: A
Glint - US: A
Glint - EU: A

Trust Center Updates

OpenSSL Vulnerability

LinkedIn has taken steps to identify and mitigate known systems affected by this issue. We have identified no impact to LinkedIn at this time. Nevertheless, we will watch for further developments and actively monitor the situation.

Published at 11/04/2022, 5:49 PM

Apache Vulnerability

LinkedIn has taken steps to identify and mitigate any systems affected by this issue. We have identified no impact to LinkedIn at this time.

Published at 09/13/2022, 5:08 PM

Atlassian Confluence Vulnerability

Atlassian Confluence in the news

In June 2022, Atlassian was made aware of current active exploitation of a remote code execution (RCE) vulnerability in Confluence Data Center and Server. In response to this actively exploited zero-day vulnerability, LinkedIn has taken mitigation measures while Atlassian works on releasing a fix. Please also note that Atlassian has provided remediation steps until the software patch is available. Per Confluence’s Security Advisory page, they expect that security fixes for supported versions of Confluence will begin to be available for download within 24 hours (estimated time, by EOD June 3 PDT). We will provide additional updates as we receive them.

Published at 06/06/2022, 2:59 PM

Spring4Shell Update

How is LinkedIn responding to Spring4Shell?

In late March 2022, a new remote code execution (RCE) vulnerability, also known as Spring4Shell, was discovered. Our security team responded quickly to determine impact and applicability.

Are LinkedIn services impacted?

LinkedIn’s services are not affected by this vulnerability. Nevertheless, we will watch for further developments and actively monitor the situation.

Published at 04/01/2022, 7:41 PM

Okta Update

Okta in the news

In March 2022, a threat actor known as LAPSUS$ claimed to have compromised Okta, a company LinkedIn and many of our peers use for authentication of third-party apps internally.

How is LinkedIn responding to this news?

We take the security and safety of our company and our platform seriously. We have not identified any impact to LinkedIn. We will continue to actively monitor our systems and take the necessary actions in order to keep our community safe.

Published at 03/25/2022, 5:07 PM

Regarding the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell

How is LinkedIn responding to the Log4j zero-day vulnerability?

The LinkedIn Security team has evaluated our exposure to the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell. Log4j is a Java-based logging utility found in a wide range of software products described here. The vulnerability was disclosed by the Apache Log4j project on Thursday, December 9, 2021. On Thursday evening, LinkedIn immediately began deploying recommended mitigations and began to roll out permanent remediations.

Are LinkedIn's services impacted?

LinkedIn products do make use of Java and Log4j. On Thursday, December 9, 2021, we immediately deployed recommended mitigations and began to roll out permanent remediations. As of December 15, 2021, remediation in our production environments was complete. There has been no member or customer impact.

Published at 01/03/2022, 4:11 PM