LONDON — Business social network LinkedIn said Wednesday that some of its users’ passwords have been stolen and leaked onto the Internet.
LinkedIn Corp. did not say how many of the more than 6 million passwords that were distributed online corresponded to LinkedIn accounts. In a blog post Wednesday, the company said it was continuing to investigate.
Graham Cluley, a consultant with British Web security company Sophos, recommended that LinkedIn users change their passwords immediately.
LinkedIn has a lot of information on its more than 160 million members, including potentially confidential information related to jobs being sought. Companies, recruiting services, and others have accounts alongside individuals who post resumes and other professional information.
There is added concern that many people use the same password on multiple websites, so whoever stole the data could use the information to access Gmail, Amazon, PayPal, and other accounts, Cluley said.
LinkedIn said users should change passwords at least every few months and avoid using the same ones on multiple sites.
Cluley said hackers are working together to break the encryption on the passwords. It wasn’t known who was behind the attack.
LinkedIn’s blog post had few details about what happened. It said compromised passwords have been deactivated, and members with affected accounts will be sent e-mails with further instructions.