More than two million passwords of compromised accounts used for sites such as Facebook, Google and Yahoo and other web services have been posted online. The site containing the passwords was discovered by researchers working for security firm Trustwave.

Trustwave's team said it believed the passwords had been harvested by a large botnet - dubbed Pony - that had scooped up information from thousands of infected computers worldwide.

It is suspected the data was taken from computers infected with malicious software that logged key presses.

Demographically, the Netherlands seemed to be targeted the most, as 97 percent of the stolen credentials belong to users in the country -- followed by Thailand, Germany, Singapore, and Indonesia. The United States accounted for less than 2,000 stolen credentials.

Most of the compromised web log-ins belong to popular websites and services such as Facebook, Google, Yahoo, Twitter, LinkedIn, etc.

Analysis of the passwords by Trustwave showed a familiar picture - the most popular password, found in the database over 15,000 times, was "123456". According to Trustwave, passwords that use all four character types and are longer than 8 characters are considered "Excellent", whereas passwords with four or less characters of only one type are considered "Terrible".