Tens of thousands of web-based email accounts have been compromised after their passwords were stolen.
On Monday, it was feared 10,000 email accounts were at risk but now that number has increased to at least 30,000.
Gmail, Hotmail, AOL, and Yahoo are among the providers that have been affected.
Security experts Ritz Security says the problem arose not because the websites concerned had weak security but because users responded to phishing emails.
Phishing is when a fake email is sent pretending to be from an official site, requesting details, such as a password and user name.
Security expert Brian Honan believes in some cases passwords may have been stolen, by using a technique called key-logging. This is when malware is installed on a computer and the key strokes are recorded.
Infected accounts are sending personalised e-mails for shopping sites that are fakes.
Web-based email users are being urged to change their passwords, not to use the same password for various sites, and to choose a password that is more secure.