The social networking website LinkedIn is investigating claims that more than 6 million passwords were stolen and uploaded to a Russian-language web forum today.
Reports of the hacking first appeared on Russian language websites and were confirmed by security firms, who reported that a user in Russian-language forum posted the passwords today.
A Twitter account run by LinkedIn announced this morning that the company "continues to investigate" but was still unable to confirm whether any security breach occurred.
Graham Cluley, a security expert working at the British firm Sophos, said in a blog post that although the passwords are not correlated to user names, "it is reasonable to assume that such information may be in the hands of the criminals."
Cluley said that the security firm had confirmed that the file uploaded to the Russian forum did contain the LinkedIn passwords, despite the company's hesitation to confirm it.
Users who fear that their passwords may have been stolen can change their passwords on the website by clicking on their names in the upper right corner of the website's homepage, and then clicking on Settings and choosing the "Change" link next to password.
Cluley also recommended changing passwords at other sites where users may have used the same password.
UPDATE:LinkedIn has confirmed the security breach. It is urging customers to change their passwords. Users with accounts associated with the compromised passwords will automatically have their passswords changed and will be prompted to create a new one.