Cybersecurity experts have found a huge cache of stolen data containing 26 million logins for popular websites including Amazon, Facebook and Netflix.
Hackers used malware to steal 1.2 terrabytes of data, including payment information, from three billion Windows-based computers between 2018 and 2020.
In addition to logins, the database held more than 2 billion cookies and 6.6 million other files.
Around half of these were text files, many of which contained login credentials users may have saved to their desktops.
Payment information and autofill data was also stolen from apps like web browsers.
The massive data breach was discovered by cybersecurity firm Nordlocker, who said that a so-called ‘nameless malware’ had been used to collect data from user devices.
This type of custom malware, which was transmitted via email and illegally downloaded software, can be bought online for as little as $100 (£70), the firm says.
A Nordlocker spokesperson said a hacker group accidently revealed the location of the database.
Who stole the data, and whether any of it has been used maliciously, remains unknown.
You can find out if your email address or phone number has been compromised in a data breach on the Have I Been Pwned? website.
Malware attacks and other forms of cyber crime have become major security concerns in recent years.
A new taskforce set up to tackle digital attacks in the US announced it had made its first criminal charge in early June.
The taskforce accused Latvian hacker Alla Witte of involvement in plots to target schools and hospitals.