What do you think of our Help Center? Would you like to take a quick survey? Yes or No dismiss this message

Security Vulnerabilities

We're always appreciative when members of the security community report vulnerabilities to us. Read more about how to let us know about these issues.

What is LinkedIn's policy on reporting vulnerabilities?

Note: To report spam or phishing, please forward the message in question to spam@linkedin.com or phishing@linkedin.com.

If you are a security researcher who wants to report a vulnerability, please take a minute to review LinkedIn's responsible disclosure policy:

  1. We do not permit any security testing that attempts to degrade, interrupt, or deny service (DoS) to our users.
  2. Vulnerability research does not extend to accessing or modifying member data that does not belong to the researcher. All testing should be conducted against accounts that are under a researcher's control.
  3. We will make every attempt to respond in a timely manner as follows:
    • Acknowledgement of the vulnerability report
    • Time frame for fixing the issue
    • Notification that the issue has been fixed

How do I report a vulnerability to LinkedIn?

Notification must take place via email to security@linkedin.com. Do not submit vulnerabilities on any LinkedIn forums or comment pages. Here is a link to download the PGP key for secure communications: LinkedIn Security Key

Priority will be given to encrypted reports, and please include your PGP key for replies. We also expect researchers to keep the details of the vulnerability private until a fix is released.