The largest data breach ever has been discovered and it exposes the emails and passwords of more than 770 million accounts.
A security researcher found the 87GB dump of data hidden on a hacker forum and says many of them have been previously included in other leaks such as the infamous MySpace and LinkedIn breaches.
Troy Hunt, who runs the Have I Been Pwned breach-notification service, found the leak on cloud-service MEGA and called it 'Collection #1'.
He said: 'If you're in this breach, one or more passwords you've previously used are floating around for others to see.'
Users can use this site to see if their email has been made available in the leak and this link to check their passwords are still safe.
It is believed the mammoth collection of once private data is used by hackers in a method called 'credential stuffing' which tries to gain access to accounts using similar emails and passwords to ones that already exist.
People are encouraged to use password managers, avoid using the same password for several accounts and not to use predictable passwords to lower their exposure.
Scroll down for video
A security researcher found the 87GB dump of data hidden on a hacker forum and says many of them have been previously included in other leaks such as the infamous MySpace and LinkedIn breaches
'In total, there are 1,160,253,228 unique combinations of email addresses and passwords,' Mr Hunt writes
He also found there to be 21,222,975 unique passwords exposed in the breach.
Hashing protects stolen passwords and has worryingly been broken.
Although a significant chunk of the information in 'Collection #1' is already known to the world, the researcher believes 140 million previously safe email addresses have been leaked.
An alleged dossier of more than 2,000 websites was also found which is believed to be the source of some of the data.
These include: belgium.trans-escorts.com, www.themusichutch.com, botanyconference.org.
A Bitcoin site called bitcointalk.org allegedly is responsible for more than half a million user leaks.
It remains unknown if they came from one or several different sources.
More than 2 million people have used the Have I Been Pwned site and these individuals would have received a notification if their account details have been breached.
Mr Hunt revealed that 768,000 of the users, including himself, have been caught out.
Jake Moore, cyber security expert at ESET UK, said: 'There has never been a better time to change your password. It is quite a feat not to have had an email address, or other personal information breached over the last decade.
'If you're one of those people who think it won't happen to you, and then it probably already has.
'Password managing applications are now widely accepted, and they are much easier to integrate into other platforms than before.
'Plus, they help you generate a completely random password for all of your different sites and apps.
'And if you're questioning the security of a password manager, well they are incredibly safer to use than reusing the same three passwords for all your sites.'
Troy Hunt, who runs the Have I Been Pwned breach-notification service, found the leak and called it 'Collection #1'. He said it is likely 'made up of many different
