SAN FRANCISCO — LinkedIn Corp., owner of the world’s biggest professional-networking website, Wednesday confirmed reports that some user passwords were compromised in a security breach.
The Mountain View, Calif.-based company apologized to customers in a blog post and said that members will know if their accounts were affected because their passwords will no longer work.
“We take the security of our members very seriously,” the company said. The service has more than 160 million users.
LinkedIn said on its Twitter micro-blogging site earlier Wednesday that it was investigating reports of stolen passwords. The company cites security issues as a risk for investors in regulatory filings, and disclosed as recently as last month that it has experienced website disruptions and outages for reasons including “denial of service or fraud or security attacks.”
Future disruptions were possible, according to the May 7 filing. Breaches demonstrate a need for U.S. legislation to help safeguard data, a member of Congress said.
“How many times is this going to happen before Congress finally wakes up and takes action?” said Rep. Mary Bono Mack, a California Republican who heads a House Energy and Commerce subcommittee that has looked at online-privacy issues, in a statement. “This latest incident once again brings into sharp focus the need to pass data protection legislation.”
LinkedIn sent its first tweet Wednesday morning telling users that it was looking into the issue and followed up about 8:20 a.m. PDT time, saying nothing was confirmed. A spokeswoman, Erin O’Harra, said LinkedIn would continue to update users on Twitter.
LinkedIn advised users never to change passwords by following an email link, as “those links might be compromised and redirect you to the wrong place.” The company’s website has a “Settings” page where changes can be made.
“In order for passwords to be effective, you should update your online account passwords every few months or at least once a quarter,” the company said on Twitter, while listing tips on password creation.
While the company didn’t mention any specific attacks in its regulatory filings, Reuters reported in May 2011 that the website had “security flaws” that made accounts vulnerable to hackers, citing a security researcher who identified the problem.