London: More than two million stolen passwords for sites like Facebook, Google and Yahoo have been reportedly posted online by cyber criminals.
Security experts suspect that the confidential data was taken from computers infected with malicious software that logged key presses.
Security researcher Graham Cluley said that 30-40 percent of people use the same passwords on different websites which makes the leaked information more vulnerable.
Security firm Trustware discovered the site containing the leaked passwords and the researchers believed that the passwords had been harvested by a large botnet, dubbed Pony that had scooped up information from thousands of infected computers worldwide.
According to the report, the site, written in Russian , claimed to offer 318,121 username and password combinations for Facebook, Google, Yahoo, Twitter and LinkedIn.
Meanwhile, Facebook said that it was not at fault and the breach happened due to infected user machines, adding that it has put the victim users through a password reset process.
The report said that users can protect their Facebook passwords by changing their Login Approvals and Login Notifications in their security settings.