Security firm Trustwave have discovered over two million passwords for social media and email accounts have been released online by hackers.
Hackers have compromised the accounts of Facebook, Twitter, Google, Yahoo, LinkedIn, YouTube and many other sites and posted them online.
The passwords for the compromised accounts are believed to have been collected by a botnet called Pony - which used software to take note of keystrokes on computers infected with malware.
A botnet is a network of private computers infected with malicious software and controlled as a group without the owners' knowledge. Cybercriminals use botnets to steal large amounts of personal data, which can then be sold on to others or held to ransom.
Analysis of the passwords by Trustwave showed a worrying trend. Many of the passwords revealed by the security firm are too easy to guess and not difficult for hackers to crack. Here are the top five:
1. 123456 15820
2. 123456789 4875
3. 1234 3135
5. 12345 2094
6. 12345678 2045
Having a strong password is important protection; here are some top tips for creating them.
Facebook aware of security risk
Facebook has said that they are aware of the hack and all of the users found in the database had been put through a password reset process.
A Facebook spokesperson said in a statement "People can help protect themselves when using Facebook by activating Login Approvals and Login Notifications in their security settings.
"They will be notified when anyone tries to access their account from an unrecognized browser and new logins will require a unique passcode generated on their mobile phone."
For further information please visit the Trustwave Blog.
Please note that Action Fraud is not responsible for the content of external websites.
To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.