More than two million stolen passwords used for sites such as Facebook, Google and Yahoo and other web services have been posted online.
The details had probably been uploaded by a criminal gang, security experts said.
It is suspected the data was taken from computers infected with malicious software that logged key presses.
It is not known how old the details are – but the experts warned that even out-dated information posed a risk.
“We don’t know how many of these details still work,” said security researcher Graham Cluley. “But we know that 30-40% of people use the same passwords on different websites.
“That’s certainly something people shouldn’t do.”