We're always appreciative when members of the security community report vulnerabilities to us. Read more about how to let us know about these issues.
What is LinkedIn's policy on reporting vulnerabilities?
If you are a security researcher who wants to report a vulnerability, please take a minute to review LinkedIn's responsible disclosure policy:
- We do not permit any security testing that attempts to degrade, interrupt, or deny service (DoS) to our users.
- Vulnerability research does not extend to accessing or modifying member data that does not belong to the researcher. All testing should be conducted against accounts that are under a researcher's control.
- We will make every attempt to respond in a timely manner as follows:
  - Acknowledgement of the vulnerability report
  - Time frame for fixing the issue
  - Notification that the issue has been fixed
How do I report a vulnerability to LinkedIn?
Notification must take place via email to firstname.lastname@example.org. Do not submit vulnerabilities on any LinkedIn forums or comment pages. Here is a link to download the PGP key for secure communications: LinkedIn Security Key
Priority will be given to encrypted reports. Please include your PGP key for replies. We also expect researchers to keep the details of the vulnerability private until a fix is released.