The exploit is based on a credentials phishing attack that uses a typo-squatting domain. Once the user falls for this social engineering tactic and enters their credentials, the 2FA token gets intercepted and it's trivial to hack into the LinkedIn account.