LinkedIn Corp., owner of the world’s biggest professional-networking website, said that it’s looking into unconfirmed reports of stolen passwords.
“Our team continues to investigate, but at this time, we’re still unable to confirm that any security breach has occurred,” the Mountain View, California-based company said on its Twitter Inc. micro-blogging site.
Researchers at U.K. Web security company Sophos say they have confirmed that a file posted online does contain, in part, LinkedIn passwords “hashes.” That’s a way of encrypting or storing passwords in a different form.
Graham Cluley, a consultant with Sophos, recommended that LinkedIn users change their passwords immediately.
LinkedIn has a lot of information on its more than 160 million members, including potentially confidential information related to jobs being sought. Companies, recruiting services and others have accounts alongside individuals who post resumes and other professional information.
There’s added concern that many people use the same password on multiple websites, so whoever stole the data could use the information to access Gmail, Amazon, PayPal and other accounts, Cluley said.
Cluley said hackers are working together to break the encryption on the passwords.
LinkedIn sent its first tweet this morning telling users that it was looking into the issue and followed up at about 11:20 a.m., New York time saying nothing was confirmed. A spokeswoman, Erin O’Harra, said LinkedIn will continue to update users on Twitter.
The company cites security issues as a risk for investors in regulatory filings. In a quarterly report to the U.S. Securities and Exchange Commission last month, LinkedIn said it has experienced website disruptions and outages for reasons that have included “denial of service or fraud or security attacks.” Future disruptions were possible, according to the filing.
While the company didn’t mention any specific attacks, Reuters reported in May 2011 that the website had “security flaws” that made accounts vulnerable to hackers, citing a security researcher who identified the problem.
(Bloomberg news contributed to this report.)