Bad news if, like so many of us, you’re bad about reusing passwords across the Internet. Many outlets are reporting a Russian hacker claims to have nearly 6.5 million encrypted user passwords. The Verge reports:

There is a possibility that this could be a hoax, but several people have said on Twitter that they found their real LinkedIn passwords as hashes on the list. Many of the hashes include “linkedin,” which seems to add credence to the claims.

They also talked to F-Secure’s chief research officer, Mikko Hypponen, who believes it’s real.

The passwords were encrypted as unsalted SHA-1 hashes. Translation: They’re encrypted, but they’re not as secure as they could be and if you’re using something like “dragons” or “password,” you should probably be worried.

LinkedIn has yet to confirm the breach. At 8:06 a.m, the company’s Twitter newsfeed said, “Our team is currently looking into reports of stolen passwords. Stay tuned for more.” At 10:18 a.m, the company followed up with, “Our team continues to investigate, but at this time, we’re still unable to confirm that any security breach has occurred. Stay tuned here.”

Meanwhile, the tech talent over at Hacker News are already picking apart the file.

This story is developing and we’ll update as we learn more.

Now if you’ll excuse us, we’re off to make sure we haven’t been hacked six ways to Sunday.