German telecommunications giant Deutsche Telekom has warned its customers that it found account passwords for sale on the dark web.
In a German posting on its website, the company said that a sample of 90 records it received showed that "at least part" of the detail are "real and current."
The sample is part of a larger cache, thought to be between 64,000 records and 120,000 records.
But the company denied it had been hacked, and suggested the data may have been obtained through phishing.
The Bonn, Germany-headquartered telecoms giant owns the T-Mobile brands, including T-Mobile US, as its largest majority shareholder.
Its website says the company has over 156 million customers worldwide.
Thomas Kremer, chief privacy officer at Deutsche Telekom, hinted at the possibility of a password reuse attack, which are passwords that were stolen from a separate breach but have credentials that match other services. The statement said several other companies are affected.
The news comes a few days after the company's arm in the Czech Republic discovered a plot by an employee to steal customer data, in order to sell it on for profit.
It's not thought that the two incidents are related.