The database included details from many of the most popular social networks
More than two million stolen passwords used for sites such as Facebook, Google and Yahoo and other web services have been posted online.
The details had probably been uploaded by a criminal gang, security experts said.
It is suspected the data was taken from computers infected with malicious software that logged key presses.
It is not known how old the details are – but the experts warned that even out-dated information posed a risk.
“We don’t know how many of these details still work,” said security researcher Graham Cluley. “But we know that 30-40% of people use the same passwords on different websites.
“That’s certainly something people shouldn’t do.”
The site containing the passwords was discovered by researchers working for security firm Trustwave.
In a blog post outlining its findings, the team said it believed the passwords had been harvested by a large botnet – dubbed Pony – that had scooped up information from thousands of infected computers worldwide.