Millions of Passwords Lost in LinkedIn Breach

By Laura Spadanuta

Professional social networking site LinkedIn has been hacked and has suffered a major data breach resulting in the loss of millions of user passwords.

According to the company's Twitter account (@LinkedIn), the company is looking into the reports of stolen passwords and continues to investigate.

However, other companies and news outlets are coming forward to confirm the breach. It has been reported that security firm Sophos has confirmed the breach, with a Sophos report stating that "files posted on a Russian hacker site do contain LinkedIn passwords." The latest articles put the number of leaked passwords at 6.5 million. And the Wall Street Journal reports that Sophos and security firm Rapid7 told CIO Journal that "they were able to confirm the breach by searching for the known passwords of colleagues within the massive file they say has been spreading through other hacker forums."

According to WSJ, the leaked passwords would represent about 4 percent of LinkedIn users. There is no evidence yet that the passwords have been linked with e-mail addresses.

Experts are advising that users change their LinkedIn and e-mail passwords. However, WSJ reports that Rapid7 researcher Marcus Carey has warned that doing that may not be enough: “The vulnerability hasn’t yet been worked out, so the attackers may still be in the system and you may need to change your password again, once the flaw is worked out,” Carey said. “This may be a two time thing.”


