India, Nov. 19 -- A new collection of exposed login details is circulating online, and it contains 1.3 billion passwords along with 2 billion email addresses. Security researchers say the data did not come from a single breach. Instead, it was gathered from years of leaked credentials already present on open websites and dark-web forums.

The threat intelligence firm Synthient assembled this collection after scanning multiple sources for exposed logins. The company had earlier found more than 180 million leaked email accounts, and this new compilation expands on that work. Much of the data originates from older breaches and long-running credential-stuffing lists that cybercriminals trade and reuse.

Synthient combined the entire dataset a...