An exposed database containing tens of millions of distinct Social Security numbers, along with email addresses and passwords, has been revealed by security experts. This database, discovered by the cybersecurity firm UpGuard, is thought to have been assembled from multiple data breaches over the last ten years. Although the information is dated, it presents a considerable risk due to the sensitive nature of the details.
The database is said to comprise around 3 billion email addresses and passwords, in addition to about 2.7 billion entries containing Social Security numbers. Nevertheless, the actual count of unique records is projected to be in the tens to hundreds of millions. UpGuard managed to validate a sample of the information, confirming that nearly a quarter of the Social Security numbers were legitimate.
The data seems to cover a span of ten years, with certain records possibly originating from a substantial data leak in 2024 that might have revealed sensitive personal details for people in the US, UK, and Canada. Other entries appear to be older, with researchers estimating their age by examining cultural references in passwords, such as mentions of well-known music groups from around 2015.
Despite the age of the data, it continues to pose a threat for two primary reasons. First, certain types of information, such as Social Security numbers, remain constant over time. Second, the validation process suggested that a significant portion of the data has not yet been leveraged, indicating that many potential victims may be oblivious to the compromise of their information. Frequently, individuals only discover the breach when an attacker tries to use their data.
The results highlight the necessity of maintaining robust, unique passwords across different online platforms. Using a password manager can assist individuals in protecting their accounts against possible breaches, even when the information involved is years old.