Report Security Vulnerabilities

We're always appreciative when members of the security community report vulnerabilities to us. Read more about how to let us know about these issues.

What's a security vulnerability?

A security vulnerability refers to a flaw or weakness in a product or system that could compromise the availability or security of that product or system if exposed to attackers.

LinkedIn's policy on reporting vulnerabilities

Note: To report spam or phishing, please forward the message in question to spam@linkedin.com or phishing@linkedin.com.

If you're a security researcher who wants to report a vulnerability, take a minute to review LinkedIn's responsible disclosure policy:

  1. We don't permit any security testing that attempts to degrade, interrupt, or deny service (DoS) to our members.
  2. Vulnerability research doesn't extend to accessing or modifying member data that doesn't belong to the researcher. All testing should be conducted against accounts that are under a researcher's control.
  3. We will make every attempt to respond in a timely manner as follows:
    • Acknowledgement of the vulnerability report
    • Time frame for fixing the issue
    • Notification that the issue has been fixed

How to report a vulnerability

Notification must take place via email to security@linkedin.com. Don't submit vulnerabilities on any LinkedIn forums or comment pages. Here is a link to download the PGP key for secure communications: LinkedIn Security Key

Priority will be given to encrypted reports, and please include your PGP key for replies. We also expect researchers to keep the details of the vulnerability private until a fix is released.