Methodology

What is The Data Breach World Map?

The Data Breach World Map was developed in partnership with independent cybersecurity researchers to visualize the scope and scale of data breaches worldwide. Most reporting on data breaches and leaks that affect companies around the world doesn’t go into detail on which countries were affected the most.

Thus, the Data Breach World Map is the first tool that shows which countries’ users are most affected by breaches, according to the gathered data.

What is a data breach?

In information security, a data breach is an incident in which data held by some party - a person, a company, etc. - is accessed, viewed, and potentially stolen by unauthorized third parties. In layman’s terms, a standard movie hacker accessing a database to steal secret plans would be a data breach.

For our purposes, a data breach means that the intruder copied and leaked user data such as names, surnames, email addresses, passwords, etc.

What is a data point?

In the case of a data breach, a data point is a unit of private information. Here are some common data points that can appear in a leak:

  • Email address;
  • Username;
  • Full name;
  • Password (usually hashed);
  • Gender;
  • Country;
  • City;
  • Coordinates (latitude, longitude);
  • IP address;
  • Locale;
  • Currency;
  • Phone number.

What happens if my data gets leaked?

If your data has been leaked, you might be at risk of being targeted by cybercriminals. Therefore, you should change your passwords immediately. For additional information on how data breaches could expose you to online threats and how to prevent any damage, check the Data Vulnerability Thermometer.

This tool takes your selected data points and calculates how much this leaked data could put you in danger.

How are users’ locations identified?

The data collected by our independent partners from breached databases that appear online is aggregated by data points that directly identify a user - more precisely, the email address.

To increase the accuracy of the findings, the combinations of data are sorted based on several parameters:

  • Email domain name;
    • Only country-specific domain names, such as qq.com, are used; international ones are ignored.
  • Breached website domain;
    • Only domains of country-specific websites and services are used.
  • Country;
  • City;
  • Coordinates (latitude, longitude);
  • IP address;
  • Locale;
  • Currency;
  • Phone number.


For timeline accuracy, our independent partners record the actual time of the breach instead of the time it became public. Therefore, the numbers for past periods can change as new cases are reported.

How accurate is information on The Data Breach World Map?

The data cannot be 100% accurate as there are multiple factors that can distort the full picture:

  • Users enter incorrect information - purposefully or accidentally - in registration forms;
  • Users may claim to be located in uninhabited locations;
  • The IP address location can change from time to time;
  • Some products store made-up testing data in their production databases;
  • Phone numbers are difficult to validate without knowing the country of origin;
  • Currency isn’t a very reliable factor as users can live abroad;
  • Foreigners sometimes register on country-specific websites or use country-specific email addresses;
  • A device’s locale can be set arbitrarily.

What sources does The Data Breach World Map use?

Our independent partners collected loads of user data from breached databases that appeared online.

This allowed us to sort through 27,000 leaked databases and create 5 billion combinations of data. Researchers could then sort those combinations based on specific data points, such as countries, and perform a statistical analysis of their findings.

To calculate the breached accounts per 100 people, the population was taken from the Worldometer website.
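The aggregation by email address, the country signals listed under "How are users’ locations identified?" and the per-100-people figure can be sketched as follows. This is an added example, not the researchers' own code: the majority-vote rule, the lookup tables, the field names, the sample records and the populations are all constructed assumptions, and city, coordinates and IP address are left out because they need a geolocation lookup.

```python
from collections import Counter, defaultdict

# Lookup tables are constructed for illustration; only qq.com is named on the page.
EMAIL_DOMAINS = {"qq.com": "CN", "mail.example.de": "DE"}  # international domains absent, so ignored
SITE_DOMAINS = {"forum.example.cn": "CN", "shop.example.de": "DE"}
CURRENCIES = {"CNY": "CN"}                   # EUR is left out: it does not identify one country
PHONE_PREFIXES = {"+86": "CN", "+49": "DE"}  # only numbers carrying a calling code can vote

def signals(rec):
    """Return one country vote per data point that is present and mappable."""
    locale, phone = rec.get("locale", ""), rec.get("phone", "")
    votes = [
        EMAIL_DOMAINS.get(rec["email"].rsplit("@", 1)[-1].lower()),
        SITE_DOMAINS.get(rec.get("site")),
        rec.get("country"),
        locale.split("_")[1] if "_" in locale else None,
        CURRENCIES.get(rec.get("currency")),
        next((c for p, c in PHONE_PREFIXES.items() if phone.startswith(p)), None),
    ]
    return [v.upper() for v in votes if v]

def attribute(records):
    """Merge records by email address, then pick the country most signals agree on."""
    votes = defaultdict(Counter)
    for rec in records:
        votes[rec["email"].lower()].update(signals(rec))
    result = {}
    for email, counter in votes.items():
        top = counter.most_common(2)
        tied = len(top) == 2 and top[0][1] == top[1][1]
        result[email] = None if not top or tied else top[0][0]  # no signal or tie: unattributed
    return result

def per_100(attribution, population):
    """Breached accounts (unique emails) per 100 people for each attributed country."""
    counts = Counter(c for c in attribution.values() if c in population)
    return {c: round(100 * n / population[c], 2) for c, n in counts.items()}

RECORDS = [  # constructed sample records, not real leak data
    {"email": "a@qq.com", "site": "forum.example.cn", "phone": "+8613800000000"},
    {"email": "A@qq.com", "site": "shop.example.de", "locale": "zh_CN"},  # same user, second breach
    {"email": "b@gmail.com", "site": "shop.example.de", "currency": "EUR", "locale": "de_DE"},
    {"email": "c@gmail.com", "locale": "en"},           # no usable signal
    {"email": "d@mail.example.de", "country": "CN"},    # conflicting signals
]
POPULATION = {"CN": 1000, "DE": 200}  # toy populations, not Worldometer figures

if __name__ == "__main__":
    print(per_100(attribute(RECORDS), POPULATION))
```

The last two sample records show the accuracy limits listed earlier: a record with no country-specific signal, or with signals that contradict each other, stays unattributed rather than being counted for a guessed country.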

Has Surfshark had a data breach?

No, Surfshark has never had a data breach. The company takes many security measures to mitigate the risk and operates on RAM-only servers, ensuring the privacy of users' data.