Graham Cluley, a security consultant at Sophos, also advised users to change their passwords in a blog post, adding that email addresses may have been compromised as well.
Per Thorsheim, a Norwegian security professional, tweeted that numerous passwords contained “linkedin,” leaving little doubt to him about the accuracy of the list.
Security researcher Mikko Hypponen told Forbes he has seen three lists which contain nearly 300,000 cracked passwords, with some including “linkedin.”
Jan H. Straumsheim replied to Thorsheim’s tweet, saying that he was able to find his own LinkedIn hash in the uploaded list and a security professional at Security Ninja also tweeted that he found his hash as well.
Reports of the stolen passwords came on the same day that Joff Redfern, head of mobile products at LinkedIn, responded to reports that the company’s Apple iOS app was collecting calendar details and meeting notes from users and sending that information back to the company.
Redfern wrote in a blog post that LinkedIn attempts to send users’ calendar information to its servers so it can match people with LinkedIn profiles.
He added that no information is stored on the company’s servers and that the company will stop sending data from meeting notes about calendar events.