Password data and other personal information belonging to as many as 2.2 million users of two websites—one a cryptocurrency wallet service and the other a gaming bot provider—have been posted online, according to Troy Hunt, the security researcher behind the Have I Been Pwned breach notification service.