6.5 million passwords from the business networking site LinkedIn have apparently been leaked onto the internet by a Russian hacker.
The hacker posted on a Russian forum that he had hacked and uploaded the passwords. LinkedIn has confirmed it’s looking into reports of stolen passwords, but have so far been unable to find a security breach.
"Our team continues to investigate, but at this time, we’re still unable to confirm that any security breach has occurred. Stay tuned here," the company posted on its official Twitter account.
LinkedIn passwords use the SHA-1 algorithm, which is considered to be very secure. Complicated passwords will take time to crack, however more simple ones could be at risk, and experts have advised to change passwords as a precaution.
"Although the data which has been released so far does not include associated email addresses, it is reasonable to assume that such information may be in the hands of the criminals. As such, it would seem sensible to suggest to all LinkedIn users that they change their passwords as soon as possible as a precautionary step," said Sophos’s Graham Cluley in a company blog post.
"Of course, make sure that the password you use is unique (in other words, not used on any other websites), and hard to crack."
Reports of a security breach follow on from claims by security researchers that LinkedIn’s iOS app is collecting information (including passwords) from calendar entries and transmitting it back to the firm’s servers, without user permission.