LinkedIn admitted to understating the damage done by a hacker.   From the WSJ:

After hackers stole usernames and passwords from LinkedIn Corp. in 2012, the company spent close to $1 million on an investigation that determined that 6.5 million users had been affected.

This week, LinkedIn acknowledged that it underestimated the impactby more than 100 million users, whose passwords may have been compromised for years.

The new disclosure, in a LinkedIn blog post on Thursday, came after a hacker claimed to have a database of 117 million usernames and passwords. The professional social network, which now has 433 million members, said it would force users who hadnt reset their passwords since 2012 to do so.