Almost 773 million unique email addresses and just under 22 million unique passwords were found to be hosted on cloud service MEGA.
In a blog post, security researcher Troy Hunt said the collection totalled over 12,000 separate files and more than 87GB of data.
The data, dubbed Collection #1, is a set of email addresses and passwords totalling 2,692,818,238 rows that has allegedly come from many different sources.
"What I can say is that my own personal data is in there and it's accurate; right email address and a password I used many years ago," Hunt wrote. "In short, if you're in this breach, one or more passwords you've previously used are floating around for others to see."
Some passwords, including his own, have been "dehashed", that is converted back to plain text.
Hunt said he gained the information after multiple people reached out to him with concerns over the data on MEGA, with the Collection #1 dump also being discussed on a hacking forum.
"The post on the forum referenced 'a collection of 2000+ dehashed databases and Combos stored by topic' and provided a directory listing of 2,890 of the files," Hunt wrote.
The collection has since been removed.
You can use Hunt's Have I Been Pwned service to see if your information has been exposed.
Brute force and dictionary attacks can threaten encrypted databases, password-protected documents, and other secure data, putting corporate assets at great risk. This ebook explains how the attacks work..
Two staff members have been fired for negligence and five senior management executives, including the CEO, were fined for their "collective leadership responsibility" in Singapore's most serious security breach, which compromised personal data of 1.5 million SingHealth patients.