Not long ago I wrote about a recent campaign to hold LinkedIn users' accounts to ransom. Shortly after I published the article, a co-worker, Pearce, reached out to me told me he'd been a target of the campaign.
His story begins with an SMS text from LinkedIn telling him to reset his password. He found this confusing: It arrived in the middle of the night, and he hadn't asked for a password reset. Since he doesn’t use the LinkedIn app on his mobile he checked his account on his laptop first thing in the morning. The current sessions (Profile Picture > Settings > Sign in & security > Where you’re signed in) showed an unknown IP address in Texas logged into his account.
Frustration #1: The promised “Sign out of all these sessions” option was nowhere to be found. He double checked in a browser session on Windows and in the app on Android. It’s wasn't there.
Pearce then found out that there was at least one person in his Connections that he did not invite or accept an invitation from. This person also hailed from Texas. read more here