Linkedin unread notifications count is open for everyone

Whenever I get email from Linkedin, there’s the logo at the top with the unread notifications count.
It’s nice detail, and of course, will be even nicer if I can find a way to abuse this.

Why?

I don’t have answer for this. Maybe to see if the user is still using Linkedin? Lots of unread notifications suggests the profile is not active. Or, erm.. yeah, I got nothing.

How?

The trick is to visit the Linkedin logo url with valid midToken parameter.
The url is:
https://www.linkedin.com/comm/dms/logo?midToken={token}

Valid token returns the image, invalid token results in 401 http status code.

How to get tokens?

Google!
Querying for Linkedin tokens
No, seriously. People copy & paste links with these tokens, some of the urls from the emails are cached.
There are lots of results with valid tokens.
Example(s):
cachedLinkedin
upload successful
At the moment I don’t know how these tokens are generated. For now, I will stick with random tokens obtained from google.

How do I find the person behind the token?

Try to open some members only url with valid midToken.
For example, try accessing linkedin group as guest:
https://www.linkedin.com/comm/groups/115855?midToken={token}
For valid tokens you will be redirected to a page where you can see the name behind the account and the notifications count at the top left corner.

Example?

Token: AQEsYc8zLVdUdg
Logo url: https://www.linkedin.com/comm/dms/logo?midToken=AQEsYc8zLVdUdg
Group url: https://www.linkedin.com/comm/groups/115855?midToken=AQEsYc8zLVdUdg

Screenshots in case this token is destroyed.
upload successful
upload successful

tl;dr?

Be careful when posting links from Linkedin.
If you know Jeff, please tell him to check his linkedin profile.