LinkedIn is investigating claims that 6,458,030 encrypted passwords have been uploaded to a Russian hacking forum.
Although the passwords are encrypted and appear without usernames, LinkedIn is urging its users to change their login details. The passwords are encrypted with the SHA-1 cryptographic hash function, which is considered to be relatively secure but not completely foolproof.
Security researcher Graham Cluley told the BBC he believed the breach was genuine.
"We did a search through the data for (hashed) passwords that we at Sophos use only on LinkedIn. We found those passwords in the data. We also saw that hundreds of the passwords contain the word ‘LinkedIn’."
The potential password leak comes at a bad time for the social media site, which faced criticism after it was revealed that its iOS app was sending information from users’ phones back to the company in plain text.
So far LinkedIn has not released a formal statement but has tweeted saying: "Our team is currently looking into reports."