Security experts who have seen the data say the encryption appears weak and will likely be broken in short order. This means millions more will soon be at risk of having their accounts compromised. While the social network has yet to confirm the breach, it did say it was "looking into reports".
With 150 million users total, this hack only affects about five percent of LinkedIn's user base. That said, neither the attack vector nor the extent of the hack is known, and more password data may exist. While the hackers have not posted user data to match these passwords, Finnish security firm CERT-FI believes they have access to such information.
If you're on LinkedIn, it's a good idea to change your password now. Make sure this password is different from those of other sites, for additional security. This makes you less susceptible to attacks where a hacker gains access to one of your accounts and then attempts to use these credentials elsewhere.
News of the hack follows another report from Wednesday morning on the way LinkedIn's iOS app transmits data. TheNextWeb reports that the app collects notes and calendar information and sends it to the company in plain text, possibly disclosing private information to snoopers.
The feature is opt-in, so by default the app sends no data. LinkedIn appeared to take issue with the report, although it has updated both the iOS and Android apps as a result.
"You may have seen a few press stories highlighting concerns about how your data is used in the opt-in calendar feature of our mobile phone apps", mobile product head Joff Redfern writes in a blog post.
Calling it a "great feature", Redfern says the LinkedIn app will "no longer send data from the meeting notes section of your calendar event". Additionally, the app now includes a "learn more" link for users to understand better how their data is being used. Redfern stressed that data had always been sent over a secure (SSL) connection.