Get full access to this Security Portal
  • Review all security details
  • Unlock documents
  • Reclaim access anytime
Had access before? Reclaim access

Overview

LinkedIn's Security Program

LinkedIn maintains an Information Security Program to ensure the confidentiality, integrity, and availability of all computer and data communication systems while meeting the necessary legislative, industry, and contractual requirements.

LinkedIn policies, procedures, and standards are based on the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001. In addition, we use an independent third-party body to audit our compliance with leading industry standards periodically.

Compliance

CCPA Logo
CCPA
Cyber Essentials Logo
Cyber Essentials
GDPR Logo
GDPR
ISO 27001 Logo
ISO 27001
ISO 27018 Logo
ISO 27018
PCI DSS Logo
PCI DSS
PIPEDA Logo
PIPEDA
SOC 2 Logo
SOC 2
Get full access to this Security Portal
  • Review all security details
  • Unlock documents
  • Reclaim access anytime
Had access before? Reclaim access
34 Documents
Network Diagram
Other Reports
Pentest Report
Security Prospectus
Security Whitepaper
SOC 2 Report
Cyber Essentials
ISO 27001
ISO 27018
SOC 2
CAIQ
SIG Lite

Risk Profile

Data Access LevelRestricted
Impact LevelModerate
Critical DependenceNo
See more

Product Security

Role-Based Access Control
Audit Logging
Data Security
See more

Reports

Network Diagram
Other Reports
Pentest Report
See more

Self-Assessments

CAIQ
SIG Lite

Data Security

Access Monitoring
Backups Enabled
Data Erasure
See more

App Security

Bug Bounty
Code Analysis
Software Development Lifecycle
See more

Access Control

Data Access
Logging
Password Security

Infrastructure

Anti-DDoS
Amazon Web Services
Azure
See more

Corporate Security

Employee Training
Incident Response
Internal Assessments
See more

Policies

Acceptable Use Policy
Access Control Policy
Anti-Malicious Software Policy
See more

Security Grades

Qualys SSL Labs
LinkedIn.com
A
Glint - US
A
Glint - EU
A

Trust Center Updates

Atlassian Confluence Vulnerability

Published at 06/06/2022, 2:59 PM

Atlassian Confluence in the news

In June 2022, Atlassian was made aware of current active exploitation of a remote code execution (RCE) vulnerability in Confluence Data Center and Server. Due to this Zero-Day Exploitation security vulnerability, LinkedIn has taken measures to mitigate while Atlassian works on releasing a fix. Please also note that Atlassian has provided remediation steps until the software patch is available. Per Confluence’s Security Advisory page, they expect that security fixes for supported versions of Confluence will begin to be available for download within 24 hours (estimated time, by EOD June 3 PDT). We will provide additional updates as we receive.

Spring4Shell Update

Published at 04/01/2022, 7:41 PM

How is LinkedIn responding to Spring4Shell?

In late March 2022, a new remote code execution (RCE) vulnerability also known as Spring4Shell was discovered. Our security team responded quickly to determine impact and applicability.

Are LinkedIn services impacted?

LinkedIn’s services are not affected by this vulnerability. Nevertheless we will watch for further developments and actively monitor the situation.

Okta Update

Published at 03/25/2022, 5:07 PM

Okta in the news

In March 2022, a threat actor known as LAPSUS$ claimed to have compromised Okta, a company LinkedIn and many of our peers use for authentication of third-party apps internally.

How is LinkedIn responding to this news?

We take the security and safety of our company and our platform seriously. We have not identified any impact to LinkedIn. We will continue to actively monitor our systems and take the necessary actions in order to keep our community safe.

Regarding the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell

Published at 01/03/2022, 4:11 PM

How is LinkedIn responding to the Log4j zero-day vulnerability? The LinkedIn Security team has evaluated our exposure to the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell. Log4j is a Java-based logging utility found in a wide number of software products described here. The vulnerability was disclosed by the Apache Log4j project on Thursday, December 9, 2021. On Thursday evening LinkedIn immediately began deploying recommended mitigations and began to roll out permanent remediations.

Are LinkedIn's services impacted? LinkedIn products do make use of Java and Log4j. On Thursday, December 9, 2021, we immediately deployed recommended mitigations and began to roll out permanent remediations. As of December 15, 2021, remediation in our production environments was complete. There has been no member or customer impact.