Data was taken from computers infected with malicious software.
More than two million passwords belonging to Google, Facebook and Yahoo accounts have been posted online by a criminal gang.
It is believed the data was attained by key stroke logging malware infecting computers across the world.
It is not yet known hold old the data is, but experts have warned that it could still pose a risk as many people don’t update their passwords often enough.
Security expert Graham Cluley said on his website: "What’s happened here is clear. Innocent users’ computers have become infected with malware, which grabbed login details as they were entered by users. This data was then transmitted to the cybercriminals – either so they could access the accounts themselves or (more likely) sell on the details to other online criminals.
The site containing the passwords was discovered by researchers at Trustwave.
In a blog post outlining its findings, the team said it believed the passwords had been collected by a large botnet, that’s been dubbed Pony, that had scooped up information from thousands of infected computers worldwide.
Brian Spector, CEO of CertiVox, said: "The news that over two million stolen passwords for some of the biggest online services in the world yet again goes to show the inherent vulnerability faced by organisations through the username and password system. If customers haven’t changed their passwords, they could well see their accounts taken over with all manner of potential damage caused.
"This is obviously not an isolated incident and with the sheer scale of the information available, it is high time that organisations everywhere took a second look at the security methods that they employ – what is proven time and again is that username and password security systems are inherently weak, offering a wide range of attack vectors to criminals, along with a valuable harvest of private customer information.
"The fact that many users tend to use the same password across multiple online accounts also means that their accounts for other online services could be under threat, not just the ones details have been leaked for. This, coupled with the inherent problems with storing such complete information on one server really adds to the argument that it is time for companies to move beyond username and passwords and find a more secure method."
123456 was the most popular password, being used on 15,820 of the accounts. In second place came 123456789, which was used as a password on 4875 accounts.