Over 3 billion password and email combinations have been compiled into one massive data dump, a treasure trove for hackers that experts have described as the "mother of all leaks".
The list, which was dubbed COMB (Compilation of Many Breaches), is a collection of data from previous breaches and includes passwords from tech giants such as LinkedIn and Netflix.
The scale of the hack means it is likely that most internet users have been affected in some way and users who replicate passwords across multiple sites are particularly at risk.
Tech website BGR described COMB as the "mother of all leaks" and Threatpost reported that the details were made available on a popular hacking forum at the start of this month, with a user asking just US$2 for access.
Threatpost noted that hackers complained about the quality of the data and that much of the information released had been in the public domain for some time, circulating on the dark web.
"The 3.2 billion number by itself looks staggering, but we have to remember 'quality vs. quantity'," Dustin Warren, senior security researcher at SpyCloud, told Threatpost.
"The data appears to be full of account credentials that had been part of previously known breaches.
"In fact, this one appears to be a re-release of the Collection Combos leak from 2019, the Anti Public Combo list from 2016 and potentially others, but released with some tools for deduping, sorting and parsing of the data to make it easier to use.
"In other words, there is nothing new here."
While much of the leaked info may not be new, the compilation does serve as a reminder to internet users to take precautions to protect their data.
"It is an important reminder that old passwords can come back to haunt users who reuse them across accounts, which is why even old data can be useful to criminals," Warren said.
Using unique passwords, changing them often and implementing other measures such as multifactor authentication can all help mitigate the threat.
There are multiple online tools available if users want to check to see if their data has been compromised.