December 19, 2016
Online training company Lynda.com has notified customers of a database breach, but Duke users of the Lynda.com service should not be impacted.
The company, owned by LinkedIn (which itself is being acquired by Microsoft), has reported a security incident involving a user database that was accessed by unauthorized parties. The "cryptographically salted and hashed" passwords of some 55,000 accounts were reportedly accessed in the incident, which Lynda.com is resetting. Another 9.5 million users are being warned in an advisory email that other information has been accessed, including contact information and details of viewed courses, although their password data is said not to have been exposed.
While some Duke faculty, staff and students use Lynda.com via OIT’s offering (https://oit.duke.edu/what-we-do/applications/lyndacom), access is through Shibboleth, thus protecting Duke users from password exposure.
At this time, there is no action needed.