- Since 2004, 57.8 billion personal data points have been exposed in breaches.
- Passwords are the most leaked type of data, accounting for more than 30% of all exposed information.
- The United States is the most affected country, accounting for nearly 19 billion pieces of data leaked.
A sobering new study from cybersecurity firm Surfshark has laid bare the true scale of the data breach epidemic, revealing that a staggering number 57.8 billion individual pieces of personal data have been leaked online since 2004.
This vast trove of information, compiled from breaches occurring over the past two decades, is now accessible to malicious actors. Researchers warn that this data is used to create detailed “digital doubles” of individuals, combining information from multiple leaks to create comprehensive profiles that can be used for sophisticated fraud, identity theft and targeted attacks. The report analyzes data from 160 countries, painting a grim picture of our collective digital vulnerability.
The study clarifies that a single “disclosed account” (like an email address) can be linked to multiple “data points,” which are the individual pieces of information exposed alongside it.
On average, each leaked account was compromised with 2.8 additional data points, showing that breaches rarely expose only one type of information. The consequences of this aggregated data are far more serious than a single compromised password.
The United States is a hotspot for exposed data
While data breaches are a global phenomenon, the Surfshark report highlights that the United States is by far the most affected country.
Since 2004, nearly 4.5 billion user accounts have been compromised in the United States, linked to an astonishing 19 billion individual data points. This figure means that the United States alone accounts for about a third of all data breaches analyzed in the study.
The report notes that the United States is the only country to rank in the top five for all nine categories of data analyzed, including personal information, financial data, location data and social media details.
This dominance is attributed to the country’s large, highly digitized population and its role as home to many of the world’s largest technology companies, making its citizens a high-value and frequently targeted group.
Russia was identified as the leader in password leaks, while other countries like Israel led in exposure of physical characteristics and Lithuania in vehicle data. However, no other country has demonstrated such exposure as the United States, where hackers often possess deeper knowledge of an individual’s real world identity than their digital identity.
It’s Not Just About Passwords Anymore
Unsurprisingly, passwords are the most frequently exposed category, representing 30.4% of all leaks. This category includes not only the passwords themselves, but also password clues and security questions.
The “password” field alone has been leaked 10.4 billion times, more than the entire world population. It’s a stark reminder of the dangers of reusing passwords across services.
However, the research goes further, revealing the alarming variety of stolen information. The second most common category is “personal information” (28.8%), which includes full names, social security numbers, and phone numbers. Third is “location” (22.9%), which covers everything from physical addresses to IP-based locations.
Perhaps most worrying is that the study revealed millions of leaks containing immutable personal attributes. The “Physical Characteristics” category, although only 0.06% of the total, results in 28.8 million individual data points.
This includes information such as a person’s height, weight, shoe size and even eye color, adding a frightening layer of physical reality to the concept of a “digital doppelganger” and making identity theft attempts much more convincing.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
