More than 2 million passwords for sites including Facebook, Yahoo, LinkedIn, Twitter and Google have been stolen and posted online, BCC reports.
The "ethical hackers" at security firm Trustwave's SpiderLabs blog discovered the trove of login credentials, email credentials and passwords on Tuesday.
Security experts told BBC that a criminal gang may be behind the security breach.
We have reached out to the companies whose users' accounts were compromised and will update when we hear back.
The passwords and credentials were taken from people all over the world, Trustwave finds, and the site where the information was posted is written in Russian.
The stolen passwords are, in general, weak ones. The most popular password that was stolen is "123456," followed by "123456789," "1234" and "password."
This story is developing.
Moral to the story: Create UNIQUE passwords! Preferably including uppercase and lowercase letters and numbers and alphanumeric characters (i.e. $,!,@, etc.)