Massive data leak exposes millions of social security numbers, emails, and passwords: experts warn of ongoing risk

A very big unsecured online database was found that may contain tens of millions of real Social Security numbers, along with email addresses and passwords, security researchers discovered. The database was found by cybersecurity company UpGuard, which said the total number of records runs into billions, but many of them are likely duplicates.

The raw data included about 3 billion email and password combinations and around 2.7 billion records containing Social Security numbers, according to researchers. Experts believe the actual number of unique people affected is probably in the tens to hundreds of millions, not billions, because of repeated entries, as per UpGuard researchers via 9to5Mac.

Huge data leak found

UpGuard tested a sample by contacting some people listed in the data, and this check showed that about 25% of the Social Security numbers were real and correct. Researchers say the data was likely collected from many different breaches over about 10 years, not from just one single hack. A big part of the data may have come from a massive 2024 leak of around 2.7 billion records, which was believed to include personal details of people in the US, UK, and Canada.


Some of the information is much older, and experts guessed its age by looking at popular password trends, like references to bands and celebrities. For example, passwords mentioning One Direction, Fall Out Boy, and Taylor Swift were very common, which suggests a lot of the data likely dates back to around 2015 in the US, as noted by 9to5Mac. Experts warn that old leaked data is still dangerous, because some details like Social Security numbers never change.

Victims may not know yet

Another big danger is that hackers may have stolen the data but have not used it yet. This means many people may not even know their information is exposed. Pollock said most people only find out about a data breach when criminals try to misuse their details, like trying to log into their accounts. He also said he was surprised because even though many breaches look very big, in this case some people’s identities are still in danger since the data is already exposed but not used yet. Experts say this is why people should use password managers and create strong, different passwords for every website and app to stay safe.

FAQs

Q1. What was found in the leaked database?

Researchers found a huge unsecured database with billions of records, including emails, passwords, and many real Social Security numbers, discovered by UpGuard.

Q2. Why is old leaked data still dangerous?

Old data is risky because details like Social Security numbers never change and hackers can still use them anytime.