Online learning site Lynda.com has informed its 9.5 million users that their accounts may have been hacked.
The LinkedIn-owned platform, which offers business and technology courses taught by industry experts, emailed users earlier this week to warn that an unauthorised third party had gained access to its system, and may have been able to view account holder contact details and learning data.
As a precautionary measure, the firm has reset the passwords on some 55,000 accounts, despite claiming the hackers were only able to access a limited amount of information.
“We are informing you of this issue out of an abundance of caution,” Lynda.com said in its email message.
“Please know that we have no evidence that this data included your password. And while we have no evidence that your specific account was accessed or that any data has been made publicly available, we wanted to notify you as a precautionary measure.”
In a blog post on his website, computer security expert Graham Cluley suggested the “odd” wording of the email made him wonder “whether this was a traditional ‘hack’ or more a case of a security researcher stumbling across a user database on a server that shouldn’t have been publicly accessible”.
News of the breach comes just days after Yahoo! revealed that data from more than one billion of its user accounts may have been accessed by hackers in 2013. According to cybersecurity firm InfoArmor, the stolen information was sold on to three parties who each paid $300,000, and is still available for purchase on the dark web now.
Millions of people could have been affected by the Yahoo! hack without knowing it, as the once-mighty internet firm provides white label email services to a number of companies, and owns a network of sites such as picture sharing platform Flickr.
Lynda.com’s “abundance of caution” might stem from parent company LinkedIn’s own massive data breach back in 2012, when suspected Russian hackers managed to steal millions of user login details from the firm’s servers.
In May of this year, a hacker was reportedly attempting to sell 100 million LinkedIn logins stolen in the attack on the dark web. Although LinkedIn users were advised to change their login details after the 2012 breach, the data could still be valuable to cyber criminals if LinkedIn account users had used the same password for other websites and services.
A Russian man was arrested in Prague in connection with the 2012 LinkedIn attack in October. Yevgeniy Nikulin was arrested after Interpol issued an international warrant for his capture. Both Russia and the US are currently seeking the extradition of Nikulin, who allegedly also hacked a number of other prominent Silicon Valley firms, including cloud storage provider Dropbox.