LinkedIn was hacked four years ago, and what initially seemed to be a theft of 6.5 million passwords has actually turned out to be a breach of 117 million passwords.

On Wednesday, the professional social network company acknowledged that a massive batch of login credentials is being sold on the black market by hackers.

The worst part about it is that, because people tend to reuse their passwords, hackers are more likely to gain access to 117 million people's email and bank accounts.

The advice for everyone who uses LinkedIn at this point is: Change your password and add something called two-factor authentication, which requires a text message every time you sign in from a new computer.

This episode drudges up some embarrassing history for LinkedIn.

Because of the company's old security policy, these passwords are easy for hackers to crack in a matter of days.

Companies typically protect customer passwords by encrypting them. But at the time of the 2012 data breach, LinkedIn hadn't added a pivotal layer of security that makes the jumbled text harder to decode.

Put on the defensive, LinkedIn is now scrambling to try to stop people from sharing the stolen goods online -- often an impractical task. The company is also invalidating all customer passwords that haven't been updated since they were stolen.

LinkedIn said it's reaching out to individual members affected by the breach. This particular hack affects a quarter of the company's 433 million members.