More than 2 million Facebook, Twitter and Google passwords are public record, according to a research firm's report that uncovered the logins while sweeping for malware.
SpiderLabs, a research branch of security firm Trustwave, found the valuable and often ridiculously simple passwords while scanning the Internet for the Pony botnet controller, NBC reported.
A malware-spreading set of programs, the Pony botnet controller is becoming more common online. The passwords were not leaked by websites like Facebook, but were obtained through infected computers that grabbed the data when users logged into their accounts.
Since as many as 40 percent of Internet users have the same password for multiple accounts such as Facebook, Twitter or even their bank account, the log-ins could be extremely valuable.
The attack, which gathered more than 1.5 website credentials and 320,000 email logins, seems to be global, according to the SpiderLabs report.
"At least some of the victims are scattered all over the world," the report said.
The passwords were also dangerously simple, with 15,820 accounts using the classic "123456." The similar "12346789" came in second place with 4,875 uses.
The websites in question have reacted to the security compromise.
"We immediately reset the passwords of the affected accounts," a spokesperson from Twitter told HuffPost.
Facebook, which also reset its compromised passwords, advises people to use the site's two-factor login, which requires a passcode from a phone as well as the standard password. This authentication option is also available for Twitter, Yahoo and Google accounts.
"Facebook takes people's information security extremely seriously and we work hard to protect it," a Facebook spokesperson said in a statement. "While details of this case are not yet clear, it appears that people's computers may have been attacked by hackers using malware to scrape information directly from their Web browsers."
See Now: OnePlus 6: How Different Will It Be From OnePlus 5?