Last week, many LinkedIn users received an alarming email from the social media company informing them of a LinkedIn security issue. In 2012, LinkedIn was the victim of a cyber-attack that resulted in the disclosure of member account information, including email addresses, passwords and LinkedIn member IDs (an internal identifier that LinkedIn assigns to each member profile).

When the company first reported the breach in 2012, it stated 6.5 million accounts were affected and required those members to reset their passwords. Now, LinkedIn reports that the breach affected over 100 million users whose information is currently being released online. In response, the company invalidated the passwords of any users that had not reset their password since the 2012 breach.

While some are left wondering what took LinkedIn so long to force members to change their passwords after a known breach, the revelation underscores a simple step online users can take to protect their information: password maintenance. Regularly changing passwords, using strong passwords and varying them across platforms can help prevent hackers from accessing personal information online. Many online service providers, including LinkedIn, are now also implementing two-step verification, which requires a person to use more than one form of verification to access an account. These small steps can make a big difference in protecting you –or your company’s – information online.