A “treasure trove” of stolen personal details has been found on sale on black market websites, a security firm says.
About 360 million account credentials including email addresses and passwords were reportedly uncovered.
Hide Security said it had also found 1.25 billion email addresses without passwords.
It is unknown where the credentials, which were found in the past three weeks, came from – but the company said they included major email providers.
Experts said that the batch was exceptionally large in size. “It is Godzilla-sized, it is a monster,” said online security consultant Graham Cluley.
He added: “There may be some duplicates but, even so, it sounds like a complete treasure trove for cybercriminals.”
Hide Security said that its findings were the result of “multiple breaches which we are independently investigating”.
In a post on its website, it said: “In the first three weeks of February, we identified nearly 360 million stolen and abused credentials and 1.25 billion records containing only email addresses.
It called the numbers “mind boggling” and said the disclosure represented a “call to action” over online security.
According to Mr Cluley, the details could be used to access not only the accounts they are directly associated with, but potentially others.