LinkedIn resets some Lynda.com users’ passwords following data leak

Lynda.com homepage.


Online learning company Lynda.com, which is a subsidiary of LinkedIn, which is now officially a subsidiary of Microsoft, today sent out an email to some users alerting them to the breach of a database that includes contact information and courses that users viewed. Altogether it’s emailing about 9.5 million users whose passwords weren’t included in the affected database, a LinkedIn spokesperson told VentureBeat in an email.

But there were a small percentage of users (fewer than 55,000) whose passwords were in the breached database, and Lynda.com has reset their passwords and told them that it has done so. The passwords were “cryptographically salted and hashed” and no credit card information was included, the spokesperson wrote.

“We have no evidence that any of this data has been made publicly available and we have taken additional steps to secure Lynda.com accounts,” the spokesperson wrote.

The Lynda.com incident comes a few days after Yahoo disclosed a hack of data on more than 1 billion user accounts. But the LinkedIn spokesperson noted that the two incidents were not related.

In any case, here’s the note that Lynda.com sent to people whose passwords weren’t part of the breach:

We recently became aware that an unauthorized third party breached a database that included some of your Lynda​.com learning data, such as contact information and courses viewed. We are informing you of this issue out of an abundance of caution.

Please know that we have no evidence that this data included your password. And while we have no evidence that your specific account was accessed or that any data has been made publicly available, ​we wanted to notify you as a precautionary measure.

If you have questions, we encourage you to contact us through our Support Center.

The Lynda​.com team

Update at 8:22 p.m. Pacific: Added detail about the passwords.

Security – VentureBeat