- Since 2004, hacks have exposed a staggering 57.8 billion pieces of personal data.
- Passwords are the most common type of data, accounting for more than 30% of all information disclosed.
- The United States is the worst-hit country, accounting for nearly 19 billion data leaks.
Sobering new study Cybersecurity company Surfshark has revealed the true extent of the data breach epidemic, revealing that a staggering 57.8 billion individual pieces of personal data have been leaked online since 2004.
This vast trove of information, collected from hacks over the past two decades, is now available to attackers. Researchers warn that this data is being used to create detailed “digital twins” of individuals, combining information from multiple leaks to create complex profiles that can be used for sophisticated fraud, identity theft and targeted attacks. The report analyzed data from 160 countries, painting a grim picture of our collective digital vulnerability.
The study explains that one “leaked account” (such as an email address) can be associated with multiple “data points,” which are individual pieces of information disclosed along with it.
On average, each leaked account was compromised using 2.8 additional data points, showing that breaches rarely reveal just one type of information. The consequences of such aggregated data are much greater than a single compromised password.
US is a data breach hotspot
While data breaches are a global phenomenon, the Surfshark report highlights that the United States is by far the worst affected country.
Since 2004, nearly 4.5 billion user accounts have been hacked in the United States, with an astounding 19 billion individual data points. This figure means that the US alone accounts for approximately a third of all data breaches analyzed in the study.
The report notes that the US is the only country to rank in the top five for all nine data categories analyzed, including personal information, financial data, location data and social media data.
This dominance is due to the country's large digitized population and its role as the headquarters of many of the world's largest technology companies, making its citizens a valuable and often targeted group.
In particular, Russia was named as the leader in password leaks, while other countries such as Israel led in the disclosure of physical characteristics, and Lithuania led in vehicle data. However, no other country has demonstrated the breadth of impact as the United States, where hackers often have more knowledge about a person's real-world identity than their digital one.
It's not just passwords anymore
Unsurprisingly, passwords are the most frequently breached category, accounting for 30.4% all leaks. This category includes not only the passwords themselves, but also password hints and security questions.
The actual “password” field alone has been compromised 10.4 billion times, more than the entire world's population. This is a stark reminder of the dangers of reusing passwords across multiple services.
However, the investigation goes deeper and reveals an alarming variety of stolen information. The second most common category is “personal information” (28.8%), which includes full names, Social Security numbers, and phone numbers. Third place is “location” (22.9%), which covers everything from physical addresses to IP-based locations.
Perhaps most alarmingly, the study found millions of leaked information containing immutable personal characteristics. The Physical Characteristics category, although only 0.06% of the total, corresponds to 28.8 million individual data points.
This includes information such as a person's height, weight, shoe size, and even eye color, adding a chilling layer of physical reality to the digital twin concept and making impersonation attempts much more convincing.
Follow TechRadar on Google News. And add us as your preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the “Subscribe” button!
