Strange stuff happening on LinkedIn


Yesterday I logged into LinkedIn, and shortly afterward I got an email saying:

Your request to activate Remember me on your Firefox, Mac OS X in Boston, Massachusetts, United States was not successful. This is because you have 2-Factor Authentication enabled on your account for additional security.

This was followed by information plausibly matching my last login. However, I didn’t know what “Remember me” is, and I certainly didn’t intentionally activate any feature by that name yesterday. This sounded like a bug. I went into LinkedIn’s help, which makes it difficult to contact a human, and eventually figured out how to report it. If it was happening to me, I figured, it must be happening to others.

In the process I found out that “Remember me” is a feature by which you can “sign in to LinkedIn on trusted browsers without having to re-enter your username.” That’s not a feature I’d willingly activate. Maybe some confusing text resulted in my activating it by accident, but LinkedIn knows that I have 2FA enabled. Why would they even offer the option in that case? And why wouldn’t the website just immediately say, “I can’t do that, Dave,” rather than sending me an email?

This morning I got a response saying:

I’m sorry for not having a quick answer for you. Due to the sensitive nature of your request, I’ve forwarded your message to our Safety Operations Team.


As a security precaution, I’ve also restricted access to your account. This will immediately stop any unauthorized access that may be occurring. After researching your issue, a member of our Safety Operations Team will contact you as quickly as possible.

Thanks for your patience as we look into this.

It’s conceivable that someone broke into my account, logged in at about the same time I did, and tried to activate Remember Me in order to stay connected. I haven’t seen any evidence of it beyond the claim that there was an attempt to activate it.

Fortunately, the “restriction” on access to my account is so minor I can’t see a difference. My session from yesterday is still active. I logged in on a different browser and didn’t have to do anything unusual.

At this point I can’t tell what’s going on, but I don’t like it. I’ll provide an update if I learn more.

Update (Oct. 14, 4:43 PM): I found this thread on Reddit from a year ago. Apparently the same thing has happened to people sporadically for a long time. I don’t know why LinkedIn hasn’t fixed it or why its support people aren’t aware that it happens. Meanwhile, I’ve gotten no further responses from LinkedIn, but I can use my account normally.

Update 2 (Oct. 15, 7:30 AM): LinkedIn got back to me reporting that it “detected suspicious activity” on my account, in spite of my having a strong password and 2FA. I’ve changed my password and looked for any changes to my profile or unauthorized posts in my name; so far I haven’t found anything. Probably this mystery will never be resolved. (Maybe it was a rogue AI that didn’t like my saying bad things about it? 😜 )

Update 3 (Oct. 19, 9:00 PM): It’s happened three more times. Either LinkedIn has a serious security leak which isn’t fixed by changing a password, or it’s issuing spurious warnings. I’m assuming it’s the latter. If it turns out to be the former, I can’t be the only person affected, and it will blow up publicly soon.