Cybersecurity experts have found a huge cache of stolen data containing 26 million logins for popular websites including Amazon, Facebook and Netflix.
The massive data breach was discovered by cybersecurity firm Nordlocker, which said that a so-called 'nameless malware' had been used to collect data from users' devices.
Hackers used malware to steal 1.2 terabytes of data, including payment information, from three billion Windows-based computers between 2018 and 2020, metro.co.uk reports.
In addition to logins, the database held more than 2 billion cookies and 6.6 million other files.
Around half of these were text files, many of which contained login credentials users may have saved to their desktops.
Payment information and autofill data were also stolen from apps like web browsers.
This type of custom malware, which was transmitted via email and illegally downloaded software, can be bought online for as little as $100 (£70), Nordlocker says.
A spokesperson for Nordlocker said a hacker group accidentally revealed the location of the database.
Who stole the data, and whether any of it has been used maliciously, remains unknown.