The now Microsoft-owned LinkedIn has admitted to a database breach of its learning arm Lynda.com. According to officials, attackers retrieved learner data of 9.5 million customers.
Out of those users, 55,000 had password information in the database, and have had the credentials reset. LinkedIn salted and hashed the passwords and there was no credit card information.
The LinkedIn Email
Little information is available about the source of the hack and how they managed to find a hole in security. LinkedIn’s email states that it was carried out by an “unauthorized third party.”
Officials also reassured publications they have “taken additional steps” to secure accounts and there’s no evidence that the information is publicly available. Here’s the full email sent to users:
“We recently became aware that an unauthorized third party breached a database that included some of your Lynda .com learning data, such as contact information and courses viewed. We are informing you of this issue out of an abundance of caution.
Please know that we have no evidence that this data included your password. And while we have no evidence that your specific account was accessed or that any data has been made publicly available, we wanted to notify you as a precautionary measure.”
LinkedIn’s quick response means that it’s unlikely hackers will compromise accounts. In addition, password hashing means that it will be harder for the attacker to reveal them anyway.
However, other accounts with the same password are at risk. As the breach included email addresses, an attacker could try the passwords on other services. It’s important that affected users take precautions any other site that uses that password.
In all likelihood, the third-party will sell the email addresses. Lynda users may experience an increase in spam or phishing emails, so it’s worth being extra cautious.