LinkedIn training arm Lynda.com suffers data breach

55,000 passwords reset. 9.5 million other users warned.

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

LinkedIn training arm Lynda.com suffers data breach

Online training company Lynda.com, owned by LinkedIn (which itself is being acquired by Microsoft), has suffered a security incident which saw a user database accessed by unauthorised parties.

The “cryptographically salted and hashed” passwords of some 55,000 accounts were reportedly accessed in the incident, which Lynda.com is resetting.

A further 9.5 million users of the skill-learning site are being warned in an advisory email that other information has been accessed – including contact information and details of viewed courses – although their password data is said not to have been exposed.

Sign up to our free newsletter.
Security news, advice, and tips.

In an advisory email, Lynda.com is informing those users of the incident:

Lynda email

We recently became aware that an unauthorized third party breached a database that included some of your Lynda.com learning data, such as contact information and courses viewed. We are informing you of this issue out of an abundance of caution.

Please know that we have no evidence that this data included your password. And while we have no evidence that your specific account was accessed or that any data has been made publicly available, we wanted to notify you as a precautionary measure.

If you have questions, we encourage you to contact us through our Support Center.

The Lynda.com team

The wording of the email is a little odd, and makes me wonder whether this was a traditional “hack” or more a case of a security researcher stumbling across a user database on a server that shouldn’t have been publicly accessible, or found a vulnerability that allowed them to access user information.

Disappointingly, I was unable to find any reference to the data breach on the Lynda.com website. I always think breached sites should post an online notice so users can confirm the incident, rather than blindly trust an email received in their inbox.

Regular readers will recall that LinkedIn is no stranger to database breaches.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “LinkedIn training arm Lynda.com suffers data breach”

  1. Matthew Parkes

    I am always suspicious of such notifications as if passwords were not breached how can the hacker get to other details, should they not be accessible only on the other side of the password? However not being completely thick i assume the data mentioned here is behind some LinkedIn/Lynda SysAdmin password which was what was breached or gotten around via some vulnerability.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.