LinkedIn unread notifications count is open for everyone

Whenever I get an email from LinkedIn, there’s the logo at the top with the unread notifications count.
It’s a nice detail, and of course, it will be even nicer if I can find a way to abuse this.


I don’t have an answer for this. Maybe to see if the user is still using LinkedIn? Lots of unread notifications suggest the profile is not active. Or, erm.. yeah, I got nothing.


The trick is to visit the LinkedIn logo URL with a valid midToken parameter.
The url is:{token}

A valid token returns the image; an invalid token results in a 401 HTTP status code.

How to get tokens?

Querying for LinkedIn tokens
No, seriously. People copy & paste links with these tokens, some of the urls from the emails are cached.
There are lots of results with valid tokens.
At the moment I don’t know how these tokens are generated. For now, I will stick with random tokens obtained from Google.

How do I find the person behind the token?

Try to open some members-only URL with a valid midToken.
For example, try accessing a LinkedIn group as a guest:{token}
For valid tokens you will be redirected to a page where you can see the name behind the account and the notifications count at the top left corner.


Token: AQEsYc8zLVdUdg
Logo url:
Group url:

Screenshots in case this token is destroyed.


Be careful when posting links from LinkedIn.
If you know Jeff, please tell him to check his LinkedIn profile.
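
One way to act on the warning above, as an added example that is not part of the original post: a Python helper that strips the `midToken` parameter from links before they are pasted anywhere public, including when the link is wrapped inside a redirect parameter or carried after `#`. The function names are hypothetical, and `midToken` is the only parameter name taken from the post.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter named in the post; compared case-insensitively.
SENSITIVE_PARAMS = {"midtoken"}
# Assumption: a URL in free text ends at whitespace, a quote or a closing
# bracket, and does not end in sentence punctuation.
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+(?<![.,;:!?])")


def _scrub_pairs(component, depth):
    """Drop sensitive parameters from a query-style string, recursing into URL values."""
    kept, removed = [], 0
    for name, value in parse_qsl(component, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            removed += 1
            continue
        # parse_qsl percent-decodes, so a redirect target such as
        # ?url=https%3A%2F%2F... arrives here as a plain URL.
        if depth > 0 and value.lower().startswith(("http://", "https://")):
            value, n = scrub_url(value, depth - 1)
            removed += n
        kept.append((name, value))
    # Leave the component byte-for-byte intact when nothing was removed.
    return (urlencode(kept), removed) if removed else (component, 0)


def scrub_url(url, depth=3):
    """Return (clean_url, removed_count) for a single URL."""
    parts = urlsplit(url)
    query, n_q = _scrub_pairs(parts.query, depth)
    # Some links carry parameters after '#', so the fragment is checked too.
    fragment, n_f = _scrub_pairs(parts.fragment, depth)
    if n_q + n_f == 0:
        return url, 0
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, fragment)), n_q + n_f


def scrub_text(text):
    """Scrub every URL in free text (a draft post, a chat message, a wiki page)."""
    total = 0

    def repl(match):
        nonlocal total
        clean, n = scrub_url(match.group(0))
        total += n
        return clean

    return URL_RE.sub(repl, text), total
```

A non-zero count from `scrub_text` on already published text means a token was exposed, and removing it from the page does not undo copies held in search caches.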