(Image credit: sarayut Thaneerat/ via Getty Images)

---

• A staggering 57.8 billion personal data points have been exposed in breaches since 2004.
• Passwords are the single most leaked data type, accounting for over 30% of all exposed information.
• The United States is the most affected country, accounting for nearly 19 billion of the leaked data points.

---

A sobering new study from cybersecurity firm Surfshark has laid bare the true scale of the data breach epidemic, revealing that a mind-boggling 57.8 billion individual pieces of personal data have been leaked online since 2004.

This vast trove of information, compiled from breaches over the last two decades, is now accessible to malicious actors. The researchers warn that this data is being used to build detailed “digital doppelgängers” of individuals, combining information from multiple leaks to create comprehensive profiles that can be used for sophisticated fraud, identity theft, and targeted attacks. The report analyzed data from 160 countries, painting a grim picture of our collective digital vulnerability.

The study clarifies that a single “leaked account” (such as an email address) can be linked to multiple “data points,” which are the individual pieces of information exposed alongside it.

On average, each leaked account was compromised with 2.8 additional data points, showing that breaches rarely expose just one type of information. The consequences of this aggregated data are far more severe than a single compromised password.

The US is a hotspot for exposed data

While data breaches are a global phenomenon, the Surfshark report highlights that the United States is by far the worst-affected nation.

Since 2004, nearly 4.5 billion user accounts have been compromised in the US, linked to an astonishing 19 billion individual data points. This figure means the US alone accounts for roughly a third of all the leaked data points analyzed in the study.

The report notes that the US is the only country to rank in the top five for all nine data categories analyzed, including personal information, financial data, location data, and social media details.

This dominance is attributed to the country’s large, highly digitized population and its role as the headquarters for many of the world’s largest tech companies, making its citizens a high-value, frequently targeted group.

Russia was identified as the leader in password leaks, specifically, while other countries like Israel led in the exposure of physical features, and Lithuania led in vehicle data. However, no other nation demonstrated the same breadth of exposure as the US, where hackers often possess more extensive knowledge of an individual’s real, world identity than their digital one.

It’s not just passwords anymore

Unsurprisingly, passwords are the most frequently exposed category, accounting for 30.4% of all leaks. This category includes not just the passwords themselves but also password hints and security questions.

The actual “password” field alone has been leaked 10.4 billion times, more than the entire global population. This is a stark reminder of the dangers of reusing passwords across multiple services.

However, the research dives deeper, revealing the alarming variety of information being stolen. The second most common category is “personal information” (28.8%), which includes full names, Social Security numbers, and phone numbers. The third is “location” (22.9%), which covers everything from physical addresses to IP-based locations.

Perhaps most disturbingly, the study found millions of leaks containing unchangeable personal attributes. The “Physical Features” category, while making up only 0.06% of the total, translates to 28.8 million individual data points.

This includes information like a person’s height, weight, shoe size, and even eye color, adding a chilling layer of physical reality to the “digital doppelgänger” concept and making impersonation attempts far more convincing.

---

Follow TechRadar on Google News and* add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!*

---

Sign up for breaking news, reviews, opinion, top tech deals, and more.

Rene Millman is a seasoned technology journalist whose work has appeared in The Guardian, the Financial Times, Computer Weekly, and IT Pro. With over two decades of experience as a reporter and editor, he specializes in making complex topics like cybersecurity, VPNs, and enterprise software accessible and engaging.