There's that, but what I meant was they could combine the user's LinkedIn password with their email address and most of the time that would be a valid user/pass combination due to the frequency of password reuse. It's not like LinkedIn don't have access to the plaintext version of the user's password. After all, the hashing isn't done on the client but on the server.

That's brazen, but if the plaintiffs complied with that prompt then they're basically telling the World that they not only violated the TOS of their e-mail provider but also their terms of employment and common sense.

Looks like implementing two-factor authentication might not only protect companies against malicious intruders but also from their own employees spilling the beans.