Get Surfshark
  • EN
  • Log in
  • Get Surfshark
  • Menu
Hero Image
Hero Image
Hero Image
Hero Image
  • Intro
  • Leaked Data
  • Jane
  • Instant threat
  • William
  • Photo studio
  • Coffee shop
  • Vast scale
  • Cho
  • Incalculable loss
  • Glen
  • Threat deepens
  • Stay safe
  • Methodology

What happens with leaked data?

Explore
Jane
What happens with leaked data?

The most common driving force behind data breaches is financial gain. However, sometimes hackers also intend to damage the reputation of companies, institutions, or individuals.

We’ve taken a deep dive into publicly available leaked data to create examples of people - both real and fictional - to illustrate the most striking points:

  • what data is leaked most often?
  • what are the massive personal consequences of data breaches?
Top 5 leaked data points

Publicly available databases most commonly contain email addresses, passwords, account IDs, password hashes and IP addresses. The chart below shows how many data points of each type were lost per 100 internet users.

Top 5 Leaked data points
Jane's story
Model, beauty influencer

Leaked data: name, account ID & password

Jane has managed to hop on modern trends. Therefore, she leads the life of a beauty influencer on social media.

Jane paid a ransom

However, not everyone enjoyed her popularity and decided to blackmail her. Having obtained her credentials from a leaked data compilation, hackers seized control of Jane’s account.

To get her account back and avoid reputation damage, Jane had to pay a ransom. Luckily for her, that was the extent of the hack - the hackers didn’t seem interested in using her account for further scams.

Most common combination of leaked data points

75% of email addresses are leaked with passwords for the services and websites they're tied to. This combination gives hackers full access to many online platforms we use daily.

Top 5 Leaked data points

75% of email address leaks contain the passwords as well

25% leaked without passwords

William's story
Freelance photographer

Leaked data: personal email & password

William runs his own social media page with a moderate following. As a photographer, he uses it to connect to his fans and even score clients. It is a major platform for promoting his name and his work.

William's customers got scammed

Once his data came out in a leak, the hackers used his page to run scams on people by advertising goods like moon lamps, taking the money, and not shipping anything.

The sale scam operating on his page hurt William’s reputation and he lost a good amount of his clients. It took William quite some time to gain back control of his accounts and apologize to scammed customers.

One email - three breaches

William uses his personal email address when logging into his fan page, an image storage service, a photo editing software, as well as other online services that make his life easier.

Reusing a single email address means that it can get leaked more often. In many cases, the address can be leaked together with the data that's stored with it: account ID, name, date of birth, and more.

Your daily life, measured in leaks

Let’s look at two characters: Glen, the teacher, and Cho, the coffee shop owner.

Every second, 63 email addresses are leaked. It’s always happening in the background as you go about your day.

It took Glen 13 seconds to order a coffee. In that time, 819 emails were leaked - enough to cover the population of Vatican. Cho prepared her coffee in 2 minutes. That was enough for 7,560 emails to be leaked - including Cho’s.

In one day 5.5 mln email addresses are leaked

That's about the size of the population in Singapore

This graph shows the time it takes for enough email addresses to leak to cover enormous populations.

Vast Scale
Cho's story
Small business owner

Leaked data: business email address & password

Cho runs a coffee shop. Proud of his business, he tries to make it as efficient as possible. Making best use of modern digital business tools, Cho used the same credentials when signing up for every business-related service.

Cho lost $40,000

A leak in one of the services made it easy for a hacker to access his inbox. When an invoice for a large purchase was received, the hacker deleted the original email, and instead presented a falsified one - which included his receiving bank account number.

Cho did not notice the switch up, and his company’s accounting transferred $40,000 to the hacker. By the time the real company reached out for the payment, it was too late to reclaim the money.

Most commonly breached personally identifiable data points

99 sensitive data points are lost per 100 internet users. The more of your personal data is leaked, the easier it is for scammers to use social engineering to get what they want from you.

Incalculable Loss
Glen's story
History teacher

Leaked data: full name & telephone number

Glen uses digital services sparingly. Between her work and her analog hobbies, she just doesn’t have time to be online. However, she is a modern teacher, and uses online tools to make her work better.

Glen's credit card was wiped out

Glen lost her data in a hack of an online teachers’ forum. She didn’t take any action as she thought nobody is interested in her information.

After 8 months, she received an a text message, saying “Mrs. Glen Watergate, please confirm your membership at the teachers’ forum by clicking this link https://cutt.ly/eRu4qJM”. She opened it and saw a form asking to enter her credit card details for future membership renewal.

Extremely sensitive personal data gets leaked less often

In public databases, only 1 out of 100 users has the personal health or financial data points listed below compromised. Glen, on the other hand, revealed sensitive financial information on her own over the phone.

Top 5 Leaked data points
Top 5 Leaked data points

No. of data points per 100 internet users

Be safe online

Steps you can take to protect yourself as well as mitigate the consequences of data breaches.

  • Use password managers;
  • Enable two-factor authentication;
  • Use a VPN, antivirus and firewalls;
  • Inform law enforcement when you experience a hack;
  • Use disposable virtual credit cards for your online payments;
  • Avoid suspicious links, especially shortened ones;
  • Use encrypted cloud services instead of regular ones.
Stay Safe
Methodology

This study is a deep dive into the Surfshark Alert database. We’ve looked into data breaches that occurred between 2004 and the present in order to identify the most commonly leaked data points and the threat they pose. The data collection was analyzed and illustrated per 100 people in relation to internet user as well as world population statistics. Data point categorization is based on The General Data Protection Regulation.

Sources:

European Commission (2016). The General Data Protection Regulation. EC.europa.eu
Internet World Stats (2020). Internet Usage Statistics. Internetworldstats.com
Worldmeter (2020). World Population. Worldometers.info

Methodology