Lynda.com has suffered a data breach in which an unauthorized third party accessed the passwords for 55,000 of its members.
The LinkedIn-owned online training company confirmed that the unauthorized party accessed a database containing members’ information. It therefore asked those 55,000 members to reset their passwords.
The company also sent out an advisory email to an additional 9.5 million users. In it, Lynda.com warned them that those responsible for the breach might have accessed some of their personal and/or user data:
“We recently became aware that an unauthorized third party breached a database that included some of your Lynda.com learning data, such as contact information and courses viewed.”
The email went on to specify that Lynda.com has no evidence to suggest the unauthorized party accessed any of those 9.5 million users’ passwords. Even so, the company decided to alert them about the incident as a “precautionary measure.”
At this time, it’s not clear how the individuals responsible for the breach accessed the user database. Computer security expert Graham Cluley says the email’s wording makes him wonder whether a security researcher found the database on a publicly available server or found a vulnerability that allowed them to access the database. He’s not so sure malicious actors accessed and then stole the database.
In the absence of any more information, it’s important that all members of Lynda.com change their passwords out of an abundance of caution.
In the meantime, organizations should take certain steps to protect themselves against hackers. One of their strategies should be to train their employees so that they can spot a phish and not fall for it. They can accomplish this with third-party security awareness training software.