Login names and passwords for more than 98 million users of the Russian Rambler.ru email service have reportedly been stolen and put online.
The data included email addresses and passwords that had been stored without any protection, a security firm said.
Leaked Source said the massive cache of credentials dated from 2012 but had only now been leaked and put online.
And it had come from a hacker who had supplied security firms with 43 million user names from music service Last.fm.
Rambler has been described as the Russian equivalent of Yahoo as it offers email services as well as acting as a news and content hub for its users.
Leaked Source broke the news about the breach and said it had verified some of the data with the help of Russian journalists.
Rambler.ru has not responded to requests for comment on the breach.
Leaked Source said passwords associated with login names had been stored with “no encryption or hashing”. Instead, it said, they had been listed in plain text.
Analysis of the long list of passwords showed that “asdasd” was the most popular string, used by more than 723,000 people, it said.
The second most popular password among the 98 million users was “asdasd123”.
In June this year, details of more than 100 million users of the Russian VK.com service were shared online.
Copies of the long list of login names and passwords was offered online at a price of 1 bitcoin (£456).