More than two million stolen passwords used for sites such as Facebook, Google and Yahoo and other web services have been posted online.
The details had probably been uploaded by a criminal gang, security experts said.
It is suspected the data was taken from computers infected with malicious software that logged key presses.
It is not known how old the details are - but the experts warned that even out-dated information posed a risk.
"We don't know how many of these details still work," said security researcher Graham Cluley. "But we know that 30-40% of people use the same passwords on different websites.
More than two million stolen passwords used for sites such as Facebook, Google and Yahoo and other web services have been posted online.
The details had probably been uploaded by a criminal gang, security experts said.
It is suspected the data was taken from computers infected with malicious software that logged key presses.
It is not known how old the details are - but the experts warned that even out-dated information posed a risk.
"We don't know how many of these details still work," said security researcher Graham Cluley. "But we know that 30-40% of people use the same passwords on different websites.
In this instance, it was log-in information for popular social networks that featured most heavily.
The site - written in Russian - claimed to offer 318,121 username and password combinations for Facebook. Other services, including Google, Yahoo, Twitter and LinkedIn, all had entries in the database.
Analysis of the passwords by Trustwave showed a familiar picture - the most popular password, found in the database over 15,000 times, was "123456".
assword 
