LinkedIn has emailed 400 million users after a massive security breach in 2012 compromised the passwords of 167 million accounts. The career-oriented portal, which now has 400 million users, said the breach may lead to passwords of the millions of accounts being leaked on the internet. In a statement, the company said, “On May 17, 2016, we became aware that data stolen from LinkedIn in 2012 was being made available online. This was not a new security breach or hack. We took immediate steps to invalidate the passwords of all LinkedIn accounts that we believed might be at risk.”

The statement added that these were for accounts created before the 2012 hack for which passwords had not been reset since the security lapse. “In addition, we are using automated tools to attempt to identify and block any suspicious activity that might occur on LinkedIn accounts. We are also actively engaging with law enforcement authorities,” it said.

A Forbes report had said the hacker was recently trying to sell the passwords of these accounts on the dark web for 5 bitcoin, or about $2,200.