Lynda.com has been through a data breach. A user database consisting of 55,000 accounts has been accessed. Apparently, the passwords belonging to these accounts were salted and hashed. Lynda.com was bought by LinkedIn which has been acquired by Microsoft.
Lynda.com Warns Other 9.5 Million Users of More Information Being Accessed
The online training company has released an advisory:
We recently became aware that an unauthorized third party breached a database that included some of your Lynda.com learning data, such as contact information and courses viewed. We are informing you of this issue out of an abundance of caution.
Please know that we have no evidence that this data included your password. And while we have no evidence that your specific account was accessed or that any data has been made publicly available, we wanted to notify you as a precautionary measure.
If you have questions, we encourage you to contact us through our Support Center.
The Lynda.com team
Security Researcher Graham Cluley made an interesting observation, saying that what Lynda said was a bit too vague. He suspects that the user database may have been stored on a server that shouldn’t have been accessible by the public. What if a security researcher found it by accident, or located a vulnerability that allowed for the user data to be reached?
Considering the Fact that Microsoft Acquires LinkedIn, How Worried Should We Be?
Security researchers explain that the breach highlights the importance of being precautious during an acquisition process. Acquisitions can bring unintentional risks, as explained by RiskVision CEO Joe Fantuzzi.
That’s not the only breach that people should be aware of. 756,000 people’s confidential health data or personal information was most likely breached when a May 2016 phishing email tricked 108 Los Angeles County employees into sharing names and passwords to their accounts.