Business networking site LinkedIn has confirmed reports of a password security breach, advising all users to change their passwords and blocking the passwords of those directly affected.
According to a post on the LinkedIn blog, members whose passwords have been blocked will receive an email with instructions on resetting their passwords.
The poster, Vicente Silveira, notes that these emails won’t contain any links, as links in such emails tend to indicate phishing attacks.
“For security reasons, you should never change your password on any website by following a link in an email,” Silveira writes.
According to Mashable, the breach first came to light when a Russian forum user claimed to have uploaded 6.46 million passwords from the site, posting the passwords without their associated usernames to prove it.
If you’re a LinkedIn user, you can go here for information on changing your password.
Update: In response to the widespread LinkedIn password theft, Unisys security program director John Kendall has issued an additional warning, saying users need to do more than just change their passwords.
“If you use the same or similar password for other organisations and accounts you should change those passwords as well,” Kendall says.
“The real danger for people who have had their LinkedIn logon details stolen is not just that unauthorised people may try to access their LinkedIn account and infiltrate their network of connections, it is that they may try to use the LinkedIn details to gain access to other systems such as email or online banking.”