In a disturbing report, two million stolen passwords of Facebook, Yahoo, LinkedIn, Twitter and Google were posted online, said security firm Trustware on Tuesday.
It hasn't been determined how old the information is but company experts have said that even outdated information can pose a threat, reported Social News Daily.
"We don't know how many of these details still work. But we know that 30-40% of people use the same passwords on different websites. That's certainly something that people shouldn't do," said Graham Cluley, a security researcher in an interview to BBC.
Trustware explained in a blog post that the passwords are most likely to have been harvested by a large botnet that picked up information from users all over the world. Botnets are used to infect computers and steal large amounts of data by hackers which are then sold to others, held for random or posted online for the public to see.
Trustware said they have already notified the effected companies before posting the blog.
Facebook in its defense said the security risk was generated via the infected user machines and they weren't to blame.
"While details of this case are not yet clear, it appears that people's computers may have been attacked by hackers using malware to scrape information directly from their browsers," Social News Daily quoted a Facebook spokesperson as saying.
Facebook added that users who had their password stolen have been sent through a password reset process. There is no confirmation on whether other websites have followed suit.