Cyber Incident Victim: LinkedIn Learning
Date:
Dec 2016
Location:
United States of America
Summary
An online learning platform experienced an unauthorised database breach compromising contact information and course viewing records for approximately 55,000 user accounts. The company reset passwords for all affected accounts and proactively notified its entire user base despite confirming no broader data exposure occurred beyond the specified records. Internal investigations found no evidence that accessed information had been publicly disseminated, with the organisation collaborating with law enforcement to address the incident. This breach follows a prior unrelated security incident involving the platform's parent company, which previously suffered a larger-scale compromise of user credentials.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In December 2016, LinkedIn's online learning platform Lynda.com experienced a data breach involving unauthorized access to a database containing user information. The breach compromised contact details and records of courses viewed for approximately 55,000 accounts out of Lynda.com's 9.5 million users. The company confirmed the intrusion and took immediate action by resetting passwords for all affected accounts as a precautionary security measure. Lynda.com proactively notified its entire user base about the incident via email despite confirming that only a small fraction of accounts were directly impacted. The notification emphasized that the breach disclosure was made "out of an abundance of caution" and clarified that most users' data remained uncompromised. Lynda.com's public statement acknowledged the unauthorized third-party access to learning data but asserted no evidence suggested the stolen information had been publicly disseminated. The company engaged law enforcement agencies to investigate the breach and stated it was treating the incident with high priority, as reflected in its Twitter responses to concerned users.
The incident represented the second major cybersecurity event affecting LinkedIn properties following the 2012 breach of LinkedIn's main platform that exposed over 100 million user credentials. While the Lynda.com breach was significantly smaller in scale, it raised concerns due to the exposure of educational viewing histories alongside basic contact information. Lynda.com maintained operational continuity throughout the response, with no reported system outages or service disruptions resulting from the breach. The company's containment strategy focused on credential security through password resets and transparent communication, though no additional security measures like mandatory two-factor authentication were referenced in the disclosure. No threat actor claimed responsibility for the breach, and Lynda.com did not specify whether the database access resulted from external exploitation or internal vulnerabilities. The breach notification process highlighted the platform's commitment to user transparency while underscoring the persistent cybersecurity challenges facing educational technology platforms integrated within larger corporate networks.