- A staggering 57.8 billion personal data points have been exposed in breaches since 2004.
- Passwords are the most leaked data type, accounting for over 30% of all exposed information.
- The United States is the most affected country, accounting for nearly 19 billion of the leaked data points.
A sobering new study by cyber security firm Surfshark has revealed the true scale of the data breach epidemic, revealing that a staggering 57.8 billion individual pieces of personal data have been leaked online since 2004.
This vast amount of information gathered from breaches over the past two decades is now available to malicious actors. The researchers warn that this data is being used to build detailed “digital doppelgangers” of individuals, combining information from multiple leaks to create comprehensive profiles that can be used for sophisticated fraud, identity theft and targeted attacks. The report analyzed data from 160 countries and paints a grim picture of our collective digital vulnerability.
The study clarifies that a single “leaked account” (such as an email address) can be linked to multiple “data points,” which are the individual pieces of information exposed next to it.
On average, each leaked account compromised 2.8 additional data points, showing that breaches rarely reveal just one type of information. The consequences of this aggregated data are far more serious than a single compromised password.
The US is a hotspot for exposed data
While data breaches are a global phenomenon, the Surfshark report highlights that the US is by far the worst affected nation.
Since 2004, nearly 4.5 billion user accounts have been compromised in the United States, associated with a staggering 19 billion individual data points. This number means that the US alone accounts for about a third of all the leaked data points analyzed in the study.
The report notes that the United States is the only country to rank in the top five for all nine data categories analyzed, including personal information, financial data, location data and social media.
This dominance is attributed to the country’s large, highly digitized population and its role as the headquarters of many of the world’s largest technology companies, making its citizens a high-value, often targeted group.
Russia was identified as the leader in password leaks, specifically, while other countries such as Israel led in the exposure of physical features and Lithuania led in vehicle data. However, no other nation showed the same breadth of exposure as the United States, where hackers often have more extensive knowledge of a person’s real-world identity than their digital one.
It’s not just passwords anymore
Unsurprisingly, passwords are the most frequently exposed category to stand for 30.4% of all leaks. This category includes not only the password itself, but also password tips and security questions.
The “password” field alone has been leaked 10.4 billion times, more than the entire global population. This is a stark reminder of the dangers of reusing passwords across multiple services.
However, the research digs deeper and reveals the alarming range of information being stolen. The second most common category is “personal information” (28.8%), which includes full names, social security numbers and telephone numbers. The third is “location” (22.9%), which covers everything from physical addresses to IP-based locations.
Perhaps most disturbingly, the study found millions of leaks containing immutable personal characteristics. The “Physical Properties” category, while only 0.06% of the total, translates to 28.8 million individual data points.
This includes information such as a person’s height, weight, shoe size, and even eye color, adding a chilling layer of physical reality to the “digital doppelganger” concept and making impersonation attempts far more convincing.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
