Security News Microsoft-owned LinkedIn is sending emails to users about a Lynda.com data breach

[Exterminator]

LinkedIn has begun informing Lynda.com users of a data breach, emailing customers to say that "an unauthorized third party breached a database that included some of your Lynda.com learning data, such as contact information and courses viewed."

The company says that there is no evidence to support the thought that passwords were included in this data, and it is simply notifying users out of caution. In fact, the email doesn't even tell the user to change their password. Here's the full text:

We recently became aware that an unauthorized third party breached a database that included some of your Lynda.com learning data, such as contact information and courses viewed. We are informing you of this issue out of an abundance of caution.

Please know that we have no evidence that this data included your password. And while we have no evidence that your specific account was accessed or that any data has been made publicly available, we wanted to notify you as a precautionary measure.

If you have questions, we encourage you to contact us through our Support Center.

The Lynda.com team

Lynda.com was acquired by LinkedIn in April, 2015. Of course, Microsoft's deal to purchase LinkedIn for $26.2 billion was only cleared by the European Commission about a week and a half ago, making Lynda.com a Microsoft property.

While this doesn't seem to be even close to the same scale, Yahoo also announced a data breach recently that affected a billion users, and Verizon is reconsidering its acquisition of the company.

Other than the emails that users are receiving, neither LinkedIn nor Microsoft have issued official statements. We've reached out to both companies for comment, as well as clarification on when this happened, how many users were affected, and what type of data was taken. Naturally, we're not expected to hear anything until Monday.

Update: A LinkedIn spokesperson has issued the following statement to Neowin:

"We recently became aware that an unauthorized third party accessed a database that included Lynda.com user data. As a precautionary measure, we reset passwords for the less than 55,000 Lynda.com users affected and are notifying them of the issue. We’re also working to notify approximately 9.5 million Lynda.com users who had learner data, but no password information, in the database. We have no evidence that any of this data has been made publicly available and we have taken additional steps to secure Lynda.com accounts."

 

[soccer97]

And Lynda merged into LinkedIn, now owned by Microsoft. How many times do I need to change both passwords. . Maybe they should change their site structure / programming or 'quarantine' the login area with a minimum of 256-bit encryption. SSO/Shibboleth is getting to be needed more often.

The problem may be that there are so many links to external sites and data ('Pulse, updates, and articles that it makes them more vulnerable'.......

It would be wise for everyone to make their password for LinkedIN a 'Stronger' one, and change it at minimum every 6 months..... (and discontinue your Yahoo account if you feel it is wise....., I will be).