Trust Center

Start your security review
View & download sensitive information
Search items

Overview

LinkedIn's Security Program

LinkedIn maintains an Information Security Program to ensure the confidentiality, integrity, and availability of all computer and data communication systems while meeting the necessary legislative, industry, and contractual requirements.

Our Smart Trust Center offers customers access to LinkedIn’s latest security reports and documents, including ISO certifications and our SOC 2 report.

Compliance

CCPA Logo
CCPA
EU-US DPF Logo
EU-US DPF
GDPR Logo
GDPR
ISO 22301 Logo
ISO 22301
ISO 27001 Logo
ISO 27001
ISO 27001 SoA Logo
ISO 27001 SoA
ISO 27018 Logo
ISO 27018
PCI DSS Logo
PCI DSS
PIPEDA Logo
PIPEDA
SOC 2 Logo
SOC 2
Start your security review
View & download sensitive information
Pentest Report
SOC 2 Type II Report
ISO 22301
ISO 27001
ISO 27018
Information Security Policy
Network Diagram
Other Reports
Security Prospectus
Security Whitepaper
ISO 27001 SoA
CAIQ
HECVAT Full
SIG Lite

Product Security

Audit Logging
Data Security
Multi-Factor Authentication
View more

Reports

Network Diagram
Other Reports
Pentest Report
View more

Self-Assessments

CAIQ
HECVAT Full
SIG Lite

Data Security

Access Monitoring
Backups Enabled
Data Erasure
View more

App Security

Responsible Disclosure
Software Development Lifecycle
Vulnerability & Patch Management

Access Control

Data Access
Logging
Password Security

Infrastructure

Anti-DDoS
BC/DR
Data Center
View more

Corporate Security

Employee Training
Incident Response
Internal Assessments
View more

Policies

Information Security Policy

Trust Center Updates

OpenSSL Vulnerability

IncidentsCopy link

LinkedIn has taken steps to identify and mitigate known systems affected by this issue. We have identified no impact to LinkedIn at this time. Nevertheless we will watch for further developments and actively monitor the situation.

Published at N/A

Apache Vulnerability

IncidentsCopy link

LinkedIn has taken steps to identify and mitigate any systems affected by this issue. We have identified no impact to LinkedIn at this time.

Published at N/A

Atlassian Confluence Vulnerability

IncidentsCopy link

Atlassian Confluence in the news

In June 2022, Atlassian was made aware of current active exploitation of a remote code execution (RCE) vulnerability in Confluence Data Center and Server. Due to this Zero-Day Exploitation security vulnerability, LinkedIn has taken measures to mitigate while Atlassian works on releasing a fix. Please also note that Atlassian has provided remediation steps until the software patch is available. Per Confluence’s Security Advisory page, they expect that security fixes for supported versions of Confluence will begin to be available for download within 24 hours (estimated time, by EOD June 3 PDT). We will provide additional updates as we receive.

Published at N/A

Spring4Shell Update

IncidentsCopy link

How is LinkedIn responding to Spring4Shell?

In late March 2022, a new remote code execution (RCE) vulnerability also known as Spring4Shell was discovered. Our security team responded quickly to determine impact and applicability.

Are LinkedIn services impacted?

LinkedIn’s services are not affected by this vulnerability. Nevertheless we will watch for further developments and actively monitor the situation.

Published at N/A

Okta Update

IncidentsCopy link

Okta in the news

In March 2022, a threat actor known as LAPSUS$ claimed to have compromised Okta, a company LinkedIn and many of our peers use for authentication of third-party apps internally.

How is LinkedIn responding to this news?

We take the security and safety of our company and our platform seriously. We have not identified any impact to LinkedIn. We will continue to actively monitor our systems and take the necessary actions in order to keep our community safe.

Published at N/A

Regarding the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell

IncidentsCopy link

How is LinkedIn responding to the Log4j zero-day vulnerability? The LinkedIn Security team has evaluated our exposure to the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell. Log4j is a Java-based logging utility found in a wide number of software products described here. The vulnerability was disclosed by the Apache Log4j project on Thursday, December 9, 2021. On Thursday evening LinkedIn immediately began deploying recommended mitigations and began to roll out permanent remediations.

Are LinkedIn's services impacted? LinkedIn products do make use of Java and Log4j. On Thursday, December 9, 2021, we immediately deployed recommended mitigations and began to roll out permanent remediations. As of December 15, 2021, remediation in our production environments was complete. There has been no member or customer impact.

Published at N/A
Powered bySafeBase Logo