Details of about 360 million accounts are up for sale on cyber black markets, according to a US-based security firm
Hold Security collected information over the past three weeks that have yet to be reported publicly.
The company's chief information security officer, Alex Holden, said: "The sheer volume is overwhelming," Holden told Reuters.
The 360 million records of data were obtained in separate attacks, with one of them yielding about 105 million records, making it the massive sole credential breaches till date.
"We have staff working around the clock to identify the victims."
The data includes user names from email addresses and passwords that in many of the cases were in unencrypted text.
The detected email addresses were from major providers including AOL, Google, Microsoft and Yahoo, as well as Fortune 500 firms and non-profit organisations.
Recently, there were several payment-card data breaches, including massive one at US retailer Target, which cost over $200m to financial institutions in replacing their credit and debit cards.