LONDON — Business social network LinkedIn said Wednesday it is investigating reports that more than six million passwords have been stolen and leaked onto the Internet.
Graham Cluley, a consultant with U.K. web security company Sophos, said in a blog post that a file containing more than six million encrypted passwords has been posted on the Internet and hackers are working together to crack them.
“Although the data which has been released so far does not include associated email addresses, it is reasonable to assume that such information may be in the hands of the criminals,” he said.
While LinkedIn did not confirm if any user data had been hacked or leaked, Cluley said that investigations by Sophos researchers have confirmed that the file posted online does contain, in part, LinkedIn passwords. Cluley recommended LinkedIn users change their passwords “as soon as possible.”
LinkedIn referred repeated requests for comment to the company’s Twitter feed, where it said its team was “looking into reports of stolen passwords.”
Two hours later, the company posted a second tweet saying that it was still unable to confirm if a security breach had occurred.
Shares of the Mountain View, Calif-based company edged down 1.2 percent to $91.89 in midday trading.