jun 3, 2012 - LinkedIn: 100 million Accounts Exposed
The stolen passwords, which were hashed (i.e. just a checksum was stored, allowing testing whether a given password is the correct one), were cracked and posted on a Russian password forum later on that day. By the morning of June 6, passwords for thousands of accounts were available online in plain text. Graham Cluley of the internet security firm Sophos warned that the leaked passwords could be in the possession of criminals by 6 June. LinkedIn said, in an official statement, that they would email all its members with security instructions and instructions on how they could reset their passwords.
In May 2016, LinkedIn discovered an additional 100 million email addresses and hashed passwords that claimed to be additional data from the same 2012 breach. In response, LinkedIn invalidated the passwords of all users that had not changed their passwords since 2012.
Added to timeline: