Lynda.com – a subsidiary company of LinkedIn – has recently sent out an email to 9.5 million users to warn them of a data breach.
Although not all 9.5 million users’ data was apparently breached, the online learning company has been keen to alert all users of the breach “out of an abundance of caution”. The database that was accessed included contact information and courses that the users viewed, and a LinkedIn spokesperson also revealed that around 55,000 passwords were in the breached database.
The passwords issue
The company seems to have taken reactive measures and reset all 55,000 user passwords, and notified users of the breach.
It transpires that the passwords were “cryptographically salted and hashed”, which is a secure way to store passwords: salting adds a random value to each password before it is hashed. The company also reassured affected users that no credit card information was included in the breached database.
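To show what salting changes in a stored password table, here is an added example (not code from Lynda.com or from this article) that builds an unsalted and a salted store for the same constructed accounts. The article does not say which algorithm Lynda.com used; PBKDF2-HMAC-SHA256, the iteration count, and the sample usernames and passwords are assumptions.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

ITERATIONS = 200_000  # assumed work factor, not a figure from the article

# Constructed sample accounts; alice and carol chose the same password.
USERS = {"alice": "correct horse", "bob": "hunter2", "carol": "correct horse"}


def hash_password(password, salt=None):
    """Return (salt, key); a fresh 16-byte random salt is drawn per password."""
    if salt is None:
        salt = secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify_password(password, salt, expected_key):
    """Re-derive with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected_key)


def build_unsalted_store(users):
    """Weak scheme for comparison: bare SHA-256, no salt."""
    return {u: hashlib.sha256(p.encode()).digest() for u, p in users.items()}


def build_salted_store(users):
    """Each record keeps its own salt next to the derived key."""
    return {u: hash_password(p) for u, p in users.items()}


def users_sharing_a_hash(hashes):
    """Group users whose stored hash is identical, as anyone reading a dump could."""
    groups = defaultdict(list)
    for user, digest in hashes.items():
        groups[digest].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    unsalted = build_unsalted_store(USERS)
    salted = build_salted_store(USERS)
    print("unsalted, shared hashes:", users_sharing_a_hash(unsalted))
    print("salted, shared hashes:  ",
          users_sharing_a_hash({u: key for u, (_, key) in salted.items()}))
    print("alice verifies:", verify_password("correct horse", *salted["alice"]))
```

In the unsalted store the two accounts with the same password are visibly linked by an identical hash; with a per-password salt every record is distinct, while login verification still works because the salt is stored alongside the key.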
Has the breached data been made publicly available?
It’s not known whether the database has been made publicly available, but the company’s spokesperson has assured their users that there isn’t any evidence to say it has so far.
As with most data breaches, Lynda.com released a statement to say that “additional steps have been taken to secure the online accounts”. Whether or not this is true, I believe that it’s a little too late. Companies should be prepared in their data security to prevent and fend off cyber-hacks of this nature.
This kind of post-breach stepping up of cybersecurity just isn’t good enough.
Caution from the company
Some may argue that the company has taken proactive measures by alerting users whose passwords were taken in the breach. Their advice was as follows:
“We recently became aware that an unauthorized third party breached a database that included some of your Lynda.com learning data, such as contact information and courses viewed. We are informing you of this issue out of an abundance of caution.
Please know that we have no evidence that this data included your password. And while we have no evidence that your specific account was accessed or that any data has been made publicly available, we wanted to notify you as a precautionary measure.
If you have questions, we encourage you to contact us through our Support Center.
The Lynda.com team”
Related or unrelated breaches?
News of the Lynda.com data breach came just days after Yahoo disclosed even more information about the hack they suffered, which turned out to have affected more than one billion users. However, these security incidents are thought to be unrelated.
There seems to be a recurring theme of data breaches: millions of LinkedIn user passwords were stolen back in 2012, compromising 167 million accounts. There’s no evidence to suggest that the two hacks were related, but it’d be nonsensical to dismiss them as unconnected. The 2012 hack saw a Russian cyber-hacker, dubbed “Peace”, selling 117 million email addresses and passwords on the “dark web”.
I wouldn’t be surprised if the Lynda.com user passwords obtained by the hacker appeared for sale on the “dark web” at some point in the future. Maybe the recent £20 billion acquisition by Microsoft will teach LinkedIn and Lynda.com a thing or two about information and data security…