But LinkedIn came under fire for failing to 'salt' the passwords, which were originally hashed with SHA1. Salting a password amounts to placing random digits at the end of hashes, to make them more difficult to crack.
LinkedIn said that although the breach was much larger than first thought, the compromised usernames and passwords were not as a result of a new security breach.
A suspect, Russian citizen Yevgeny Nikulin, 29, was arrested in Prague and now faces extradition to the United States.
Sign up for CIO Asia eNewsletters.