BreachExchange mailing list archives
LinkedIn Sends out Password Reset Emails following Lynda.com Data Breach
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 19 Dec 2016 16:43:25 -0700
http://winbuzzer.com/2016/12/18/linkedin-sends-password- reset-emails-following-lynda-com-data-breach-xcxwbn/ The now Microsoft-owned LinkedIn has admitted to a database breach of its learning arm Lynda.com. According to officials, attackers retrieved learner data of 9.5 million customers. Out of those users, 55,000 had password information in the database, and have had the credentials reset. LinkedIn salted and hashed the passwords and there was no credit card information. The LinkedIn Email Little information is available about the source of the hack and how they managed to find a hole in security. LinkedIn’s email states that it was carried out by an “unauthorized third party.” Officials also reassured publications they have “taken additional steps” to secure accounts and there’s no evidence that the information is publicly available. Here’s the full email sent to users: “We recently became aware that an unauthorized third party breached a database that included some of your Lynda .com learning data, such as contact information and courses viewed. We are informing you of this issue out of an abundance of caution. Please know that we have no evidence that this data included your password. And while we have no evidence that your specific account was accessed or that any data has been made publicly available, we wanted to notify you as a precautionary measure.” LinkedIn’s quick response means that it’s unlikely hackers will compromise accounts. In addition, password hashing means that it will be harder for the attacker to reveal them anyway. However, other accounts with the same password are at risk. As the breach included email addresses, an attacker could try the passwords on other services. It’s important that affected users take precautions any other site that uses that password. In all likelihood, the third-party will sell the email addresses. Lynda users may experience an increase in spam or phishing emails, so it’s worth being extra cautious.
_______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- LinkedIn Sends out Password Reset Emails following Lynda.com Data Breach Audrey McNeil (Dec 20)