Trust Center

Start your security review
View & download sensitive information
Search items
ControlK

LinkedIn's Security Program

LinkedIn maintains an Information Security Program to ensure the confidentiality, integrity, and availability of all computer and data communication systems while meeting the necessary legislative, industry, and contractual requirements.

Our Smart Trust Center offers customers access to LinkedIn’s latest security reports and documents, including ISO certifications and our SOC 2 report.

Start your security review
View & download sensitive information
Penetration Test Report

Trust Center Updates

OpenSSL Vulnerability

IncidentsCopy link

LinkedIn has taken steps to identify and mitigate known systems affected by this issue. We have identified no impact to LinkedIn at this time. Nevertheless we will watch for further developments and actively monitor the situation.

Published at N/A

Apache Vulnerability

IncidentsCopy link

LinkedIn has taken steps to identify and mitigate any systems affected by this issue. We have identified no impact to LinkedIn at this time.

Published at N/A

Atlassian Confluence Vulnerability

IncidentsCopy link

Atlassian Confluence in the news

In June 2022, Atlassian was made aware of current active exploitation of a remote code execution (RCE) vulnerability in Confluence Data Center and Server. Due to this Zero-Day Exploitation security vulnerability, LinkedIn has taken measures to mitigate while Atlassian works on releasing a fix. Please also note that Atlassian has provided remediation steps until the software patch is available. Per Confluence’s Security Advisory page, they expect that security fixes for supported versions of Confluence will begin to be available for download within 24 hours (estimated time, by EOD June 3 PDT). We will provide additional updates as we receive.

Published at N/A

Spring4Shell Update

IncidentsCopy link

How is LinkedIn responding to Spring4Shell?

In late March 2022, a new remote code execution (RCE) vulnerability also known as Spring4Shell was discovered. Our security team responded quickly to determine impact and applicability.

Are LinkedIn services impacted?

LinkedIn’s services are not affected by this vulnerability. Nevertheless we will watch for further developments and actively monitor the situation.

Published at N/A

Okta Update

IncidentsCopy link

Okta in the news

In March 2022, a threat actor known as LAPSUS$ claimed to have compromised Okta, a company LinkedIn and many of our peers use for authentication of third-party apps internally.

How is LinkedIn responding to this news?

We take the security and safety of our company and our platform seriously. We have not identified any impact to LinkedIn. We will continue to actively monitor our systems and take the necessary actions in order to keep our community safe.

Published at N/A

Regarding the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell

IncidentsCopy link

How is LinkedIn responding to the Log4j zero-day vulnerability? The LinkedIn Security team has evaluated our exposure to the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell. Log4j is a Java-based logging utility found in a wide number of software products described here. The vulnerability was disclosed by the Apache Log4j project on Thursday, December 9, 2021. On Thursday evening LinkedIn immediately began deploying recommended mitigations and began to roll out permanent remediations.

Are LinkedIn's services impacted? LinkedIn products do make use of Java and Log4j. On Thursday, December 9, 2021, we immediately deployed recommended mitigations and began to roll out permanent remediations. As of December 15, 2021, remediation in our production environments was complete. There has been no member or customer impact.

Published at N/A
Powered bySafeBase Logo