I doubt they are using anyone's credentials without permission, or "hacking" accounts either, but their mobile apps do have full access to your contact list.
It isn't that they are stealing credentials on behalf of users; even today the UI is confusing and too verbose. It's clumsy. It's like reading credit card statements with tiny fonts. I am very caution about what I do on a web service but LinkedIn bit me once. If you happen to did one step wrong (even when you thought you override that decision already), LinkedIn will somehow send invite to everyone. Whatever the step might be or whatever bug there is. Just plain annoying. And this happens to many LinkedIn user on planet earth.