Very disturbing security flaw in LinkedIn - another user got access to my account!

OK - I've taken some time off and have not blogged for many months. My decision was actually not to begin blogging again before late January, but I have to share this experience, where a LinkedIn user got access to my (and others') account and was able to edit my profile, read my mails etc. etc. !!!!

See my (very polite) mail to the LinkedIn Privacy Team below.... Looking forward to seeing the response....

(Sorry for the English ... but just in case ...)

-----------------------------------snip--------------------------------- 

Dear LinkedIn Privacy team, I have in general been satisfied with the services provided by LinkedIn, but I’ve had a very disturbing experience you need to investigate further. For a period of time a LinkedIn user unwillingly gained access to my full account incl. Inbox, personal settings etc. due to what must be a severe security breach in your systems.

Here is the scenario: User A, B and C are connected.

User D is not connected with any of these when the incident occurs.

A invites D. (See the reminder invitation mail below). D follows the link and accepts the invitation. He then starts browsing A’s connections, starting with B (which happens to be me). When looking at my profile he decides to go back to his inbox, and hits the Inbox link. Much to his surprise he now sits in my (B’s) Inbox!!! As he happens to be my brother-in-law he immediately calls me on the phone. And together we investigate this further: He reads the content of my mails aloud, and even has access to enter new bogus career positions in my profile!!

Extremely disturbing! 

We continued the investigation over the phone, and found that he had similar access to at least one more of A’s connections, here called C.  Even more disturbing! (that’s where we stopped browsing A’s connections, and went back to my (B’s) profile!).

Signing out of LinkedIn did not change the situation; when entering LinkedIn again he was placed in my account as if it was my User ID he had used to log in (which indicates that his cookie in the browser was set incorrectly?). Even after I changed my password he had access to my account. And, just for the sake of completeness: I have never used his PC, and he does not know my password. Only when he clicked “Sign Out Completely” and killed all browsers did things go back to normal, and he lost his very elevated rights to your system!

User A is <deleted>

User B is <deleted>

User C is <deleted>

User D is <deleted>

I hope that this information is sufficient for your further investigation – otherwise please feel free to contact me. I look forward to being kept informed on the progress.

-----------------------------------snip--------------------------------- 
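The observation in the mail that changing the password did not end the other person's access, and that only a "Sign Out Completely" plus killing the browser did, points to the check a practitioner would want from any session mechanism: the session must be bound server-side to the user at login, and it must stop resolving the moment that user's credentials change. The following Python is an added example written for this post; it is not LinkedIn's code and not anything from the original mail. The user names and passwords are constructed, and the "authentication generation" counter is one common way to revoke all of a user's sessions, not a claim about how LinkedIn's system actually worked.

```python
import hashlib
import hmac
import secrets


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so a stored hash is never comparable across users."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class User:
    def __init__(self, user_id: str, password: str):
        self.user_id = user_id
        self.salt = secrets.token_bytes(16)
        self.password_hash = _hash_password(password, self.salt)
        self.auth_generation = 0  # bumped on every password change


class SessionStore:
    """Server-side sessions. The browser cookie carries only an opaque random
    id; the user binding lives here and is fixed at login, so later navigation
    (following an invitation link, opening another member's profile) cannot
    re-point the session at a different account."""

    def __init__(self):
        self._sessions = {}  # session id -> (user_id, auth_generation at issue time)
        self._users = {}

    def register(self, user: User) -> None:
        self._users[user.user_id] = user

    def login(self, user_id: str, password: str):
        user = self._users.get(user_id)
        if user is None:
            return None
        candidate = _hash_password(password, user.salt)
        if not hmac.compare_digest(candidate, user.password_hash):
            return None
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (user_id, user.auth_generation)
        return sid

    def current_user(self, sid):
        """Resolve a cookie to a user id, or None if the session is unknown or stale."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user_id, generation = entry
        user = self._users[user_id]
        if generation != user.auth_generation:
            # Password changed after this session was issued: treat it as logged out.
            del self._sessions[sid]
            return None
        return user_id

    def change_password(self, user_id: str, old_password: str, new_password: str) -> bool:
        user = self._users[user_id]
        if not hmac.compare_digest(_hash_password(old_password, user.salt), user.password_hash):
            return False
        user.salt = secrets.token_bytes(16)
        user.password_hash = _hash_password(new_password, user.salt)
        user.auth_generation += 1  # revokes every outstanding session for this user
        return True

    def logout(self, sid) -> None:
        self._sessions.pop(sid, None)


def demo():
    """Constructed scenario: user B logs in, then changes the password.
    Returns who the original cookie resolved to before and after the change."""
    store = SessionStore()
    store.register(User("B", "correct horse"))  # constructed credentials
    sid = store.login("B", "correct horse")
    before = store.current_user(sid)  # "B"
    store.change_password("B", "correct horse", "new passphrase")
    after = store.current_user(sid)  # None: the old session is dead
    return before, after


if __name__ == "__main__":
    print(demo())
```

The point the scenario makes is the second value: a session issued before a password change no longer resolves to anyone, so an unexplained session in another browser dies as soon as the account owner changes the password, without relying on the other party to clear cookies.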



Comments

May 26, 2008 22:29

Pingback from moneyclerks.com

Money Clerks » LinkedIn account security breach: Mixed up users have me questioning my identity
