Fraudsters exchanged 12 million pieces of personal information online in the first quarter of 2012, an increase of 300% since 2010, according to credit-checking firm Experian.
The company said many people were unaware their identity had been stolen until they were refused credit cards or mobile phone contracts, according to the BBC.
Identity theft victims commonly experience refusal of loans or credit cards (14%), debts being run up in their name (9%), refusal of mobile phone contracts (7%), and being chased by debt collectors for money they do not owe (7%).
Experian said the increase of identity theft was partly due to fact that people are signing up for an increasing number of online accounts.
Part of the problem is also that many users have an average of 26 online accounts, but use only around five different passwords.
Microsoft tips to prevent identity theft
1. Always choose strong, unique passwords.
2. Be careful using your account in public places, and especially on shared PCs.
3. Be careful sharing personal information as this can be used to attempt to access accounts.
4. Install protection against viruses, spyware and malware, and keep it up to date.
5. Make sure your browser phishing filters are active.
6. Ensure you are on the correct site before entering personal information.
Failure to change passwords or the use of the same password for several accounts is a risky practice as research has shown that abandoned accounts are vulnerable to hackers.
Security industry representatives advised Yahoo users to change all their passwords after hackers broke into the company's servers and stole 453,000 passwords from mainly abandoned accounts.
Earlier this week, Eric Doerr, group program manager for Microsoft account system (formerly Windows Live ID), said security breaches that expose customer account information for criminals to exploit shine a spotlight on the core issue of people reusing passwords between different websites.
"This highlights the longstanding security advice to use unique passwords, as criminals have become increasingly sophisticated about taking a list of usernames and passwords from one service and then 'replaying' that list against other major account systems," he wrote in a blog post.
"When they find matching passwords they are able to spread their abuse beyond the original account system they attacked," Doerr said.