[BreachExchange] LinkedIn Sends out Password Reset Emails following Lynda.com Data Breach

Audrey McNeil audrey at riskbasedsecurity.com
Mon Dec 19 18:43:25 EST 2016


http://winbuzzer.com/2016/12/18/linkedin-sends-password-reset-emails-following-lynda-com-data-breach-xcxwbn/

The now Microsoft-owned LinkedIn has admitted to a database breach of its
learning arm Lynda.com. According to officials, attackers retrieved learner
data of 9.5 million customers.

Out of those users, 55,000 had password information in the database, and
have had the credentials reset. LinkedIn salted and hashed the passwords
and there was no credit card information.

The LinkedIn Email

Little information is available about the source of the hack and how the
attackers managed to find a hole in security. LinkedIn’s email states that
it was carried out by an “unauthorized third party.”

Officials also reassured publications they have “taken additional steps” to
secure accounts and there’s no evidence that the information is publicly
available. Here’s the full email sent to users:

“We recently became aware that an unauthorized third party breached a
database that included some of your Lynda.com learning data, such as
contact information and courses viewed. We are informing you of this issue
out of an abundance of caution.

Please know that we have no evidence that this data included your password.
And while we have no evidence that your specific account was accessed or
that any data has been made publicly available, we wanted to notify you as
a precautionary measure.”

LinkedIn’s quick response means that it’s unlikely hackers will compromise
accounts. In addition, password hashing means that it will be harder for
the attacker to recover the passwords anyway.

However, other accounts with the same password are at risk. As the breach
included email addresses, an attacker could try the passwords on other
services. It’s important that affected users take precautions on any other
site that uses that password.

In all likelihood, the third party will sell the email addresses. Lynda
users may experience an increase in spam or phishing emails, so it’s worth
being extra cautious.