LinkedIn investigating hack after 6.46 million passwords reported stolen

LinkedIn said on Wednesday that it is investigating reports of an apparent hack, after millions of LinkedIn passwords were said to have been leaked online.

"Our team is currently looking into reports of stolen passwords," the company wrote in a message on its Twitter feed. "Stay tuned for more."

A user on a Russian Web forum claimed to have downloaded 6,458,020 LinkedIn passwords.

According to ZDNet, Finnish security firm CERT-FI is warning that the hackers may have access to user email addresses, too, "though they appear encrypted and unreadable."

According to, the hackers are reportedly "crowd-sourcing help in breaking the encryption."

The apparent hack affects less than 10 percent of LinkedIn's 150 million users worldwide. Nonetheless, those with accounts on the so-called "professional" social network have been advised to change their passwords.

The news comes in the wake of security concerns surrounding LinkedIn's mobile application calendar feature. The company said on Wednesday that it was in the process of updating the app, after researchers noticed a flaw in the way the app shared potentially sensitive "meeting notes" data.

UPDATE: 5:33 p.m. ET: LinkedIn confirmed that some of the passwords reported stolen correspond to user accounts.

Meanwhile, Gary Davis, director of global consumer product marketing at McAfee, passed along the following tips for LinkedIn users:

1. Log into the LinkedIn website via a new browser window (do not access it through an email) and change the password. Make it a monthly routine to update your password.

2. Change the password of other accounts, such as email and financial accounts, if you use the same password.

3. Review your list of LinkedIn connections in your network to ensure there are none that do not look familiar.

4. Beware of any phishing emails that claim to be from LinkedIn.

5. This is a good time to check privacy settings are set appropriately.

6. Make sure your computer us up-to-date with all its critical security patches and your browser is secured.