It’s been a bad year for data breaches so far in 2025, and we still have a couple of months to go.
Just thinking quickly, I can recall several major data breaches, including leaks affecting 16 billion accounts on platforms like Google, Facebook, and Telegram, 70,000 Discord user IDs, and a massive 40 billion records – many of which were labeled as confidential – found on an unsecured database.
Surfshark, a VPN company, recently released a study on October 28th revealing how vulnerable people are online. The findings are quite concerning.
A recent study shows that since 2004, over 23 billion user accounts have been compromised, exposing nearly 58 billion pieces of personal information. Just in 2025, Surfshark has already recorded more than 215 million account leaks, and the problem is continuing to worsen each quarter.
Surfshark calculates data breaches by counting each leaked email address as a single incident, but recognizes that a single compromised account often involves more than just one piece of information being exposed. This can include things like passwords, as well as personal details and other attributes.
Surfshark compiled this information with the assistance of independent security experts. They analyzed 160 countries – those with populations exceeding one million – and found a total of 44.4 billion pieces of leaked data.
According to Surfshark’s research across 160 countries, nearly 17 billion accounts had leaked data, averaging 2.8 pieces of information per account.
Why is physical information important? It seems silly to worry about someone learning your hair color if your password is secure, right? But it’s actually more complicated than that.
Surfshark’s research shows a surprising amount of personal information is publicly available online, both legally and illegally. The biggest danger isn’t necessarily a single piece of information being exposed, but rather when all this data gets combined together.
If hackers get hold of your personal information, they can create a convincing online fake of you – Surfshark calls this a “digital doppelgänger.” Millions of people are vulnerable to highly targeted and personalized attacks as a result.
Passwords and usernames make up the bulk of the breach data
A recent Surfshark study of data breaches in 160 countries found that passwords account for roughly 23% of all leaked data since 2004. This represents approximately 10.4 billion exposed passwords.
The second most common type of leaked data involves usernames, accounting for 3.26 billion exposures, or roughly 7.4% of all leaks. Hashed passwords, which should be securely stored, were found in 2.93 billion leaks.
In addition to the three most frequently breached data types, there were 17 other common types of leaked information, such as names, phone numbers, countries, cities, IP addresses, ZIP codes, and preferred languages. Even the 15th most common leak – dates of birth – appeared 1.36 billion times.
The scale of this exposure is immense.
Surfshark
Considering the sheer number of passwords leaked – far exceeding the world’s population – and all the other compromised data, Surfshark is right to call this a massive exposure.
As I’ve been researching digital privacy, I keep coming back to the concept of a ‘digital doppelgänger.’ Surfshark recently pointed out something important: while we often focus on leaked usernames and passwords, a hacker’s next step could involve gathering physical characteristics about us – and that’s a surprisingly critical piece of the puzzle.
While information about physical characteristics represents a small fraction of all leaked data – just 0.06%, or almost 29 million records – it still includes details like height, weight, shoe size, and hair and eye color.
As a tech enthusiast, I was really disturbed to read Surfshark’s findings. It’s not just about passwords getting leaked anymore! They pointed out that this kind of data breach can actually lead to real-life crimes – things like someone tracking your car, making fake plates with your number, or even targeting you for theft. It really hit home that these leaks aren’t just about what’s happening online; they’re about your personal safety and your belongings in the real world.
USA is number one … in several data leak rankings
Data breaches happen globally, but the United States is a major target. Surfshark reports that since 2004, almost 4.5 billion user emails – representing 19 billion pieces of personal information – have been exposed in the US. The country also leads in several other areas related to data breaches.
The United States has the most data leaks of any country studied, with incidents involving personal information, location data, social media accounts, financial details, and other types of data. Specifically, there are about 17 data leaks for every 1,000 people when considering personal information alone.
Russia leads the world in leaked passwords, with over 22,478 breaches for every 1,000 people. Israel, on the other hand, experiences the highest rate of leaks involving personal physical characteristics, at almost 70 per 1,000 people.
What can you do to prevent data breaches?
What’s most concerning about this research – and the growing trend of ‘digital doppelgängers’ – is that unlike usernames or passwords, you can’t simply change your physical characteristics if your online identity is compromised.
Fraud and identity theft are becoming more common, so it’s crucial to be careful about protecting your personal information. There’s no foolproof way to prevent these problems, but following standard cybersecurity practices can help.
Protect your accounts by creating strong, unique passwords for each one. A password manager can be a big help with this. Also, enable multi-factor authentication whenever possible – it adds an extra layer of security and can prevent hackers from getting in, even if your password is compromised.
Watch out for scams sent through email, text message, or phone calls, and be cautious when using public Wi-Fi networks. Using a reliable VPN can help protect your information – I don’t recommend any specific brand, but Surfshark is just one example.
Regularly check your bank statements and credit reports, and do what you can to limit the amount of personal information available online. It’s easy to underestimate how much can be found out about you from just one social media account.
If you’re worried your online accounts have been hacked, a website called Have I Been Pwned can help you find out quickly.
FAQ
Has Surfshark ever suffered a data breach?
Surfshark VPN states that its users have never had their account information exposed in a data breach.
Can a VPN protect me from data breaches?
A VPN is designed as an encrypted tunnel through which your internet traffic flows. This makes it a great tool for those who often use public Wi-Fi. It won’t stop all data breaches, but it’s a good tool to have on hand.
How do I know if my information has been leaked?
If you’re worried your information might have been exposed in a data breach, websites like Have I Been Pwned can help. Simply go to the site and enter your email address to find out if your account has been compromised.
Read More
- Gold Rate Forecast
- Wednesday Season 2 Completely Changes a Key Addams Family Character
- Dynasty Warriors remastered title and Dynasty Warriors: Origins major DLC announced
- The Simpsons Kills Off Marge Simpson In Shocking Twist
- 10 Most Badass Moments From Arrow
- Timothee Chalamet heist film
- BTC PREDICTION. BTC cryptocurrency
- Jimmy Kimmel Slams ‘Angry Finger Pointing’ Following Charlie Kirk Shooting After Building a Career off Angry Finger Pointing
- Age of Empires IV: Anniversary Edition coming to PS5 on November 4
- Jon Cryer Says He Was Paid “a Third” of Charlie Sheen’s Salary
2025-10-31 00:11