LinkedIn (NYSE: LNKD) was hacked four years ago, and what initially seemed to be a theft of 6.5 million passwords has actually turned out to be a breach of 117 million passwords.
On Wednesday, the professional social network company acknowledged that a massive batch of login credentials is being sold on the black market by hackers.
The worst part about it is that, because people tend to reuse their passwords, hackers are more likely to gain access to 117 million people's email and bank accounts.
LinkedIn subscribers are being urged to change their passwords and add something called two-factor authentication, which requires a text message every time you sign in from a new computer.
Because of the company's old security policy, old passwords are easy for hackers to crack in a matter of days.
Companies typically protect customer passwords by encrypting them. But at the time of the 2012 data breach, LinkedIn hadn't added a pivotal layer of security that makes the jumbled text harder to decode.
Put on the defensive, LinkedIn is now scrambling to try to stop people from sharing the stolen goods online -- often an impractical task. The company is also invalidating all customer passwords that haven't been updated since they were stolen.
This particular hack affects a quarter of the company's 433 million members.
LinkedIn shares fell 69 cents at Thursday's open to $127.70 U.S., within a 52-week trading range of $98.25 to $258.39 U.S.
