top of page

Surfshark's Data Reveals Alarming Global Password Leak Trends

Surfshark, a leading VPN provider, has unveiled concerning statistics related to leaked passwords, shedding light on the vulnerability of digital accounts across the globe. The company's Global Data Breach Statistics, which includes email addresses breached since 2004, exposes the extent of the issue, with many email accounts breached multiple times, often accompanied by passwords. The implications of email addresses being exposed alongside passwords pose a significant risk of account takeovers by malicious actors.

Key findings from the data reveal that since 2004, a staggering 3.7 billion unique email addresses have been compromised. This alarming figure suggests that if each person had just one email address, approximately half of the world's population has fallen victim to data breaches. Moreover, the data highlights that email addresses are frequently leaked alongside passwords, with a staggering 9.5 billion passwords exposed during this period, equating to an average of 2.5 passwords per unique email address breach.

Regionally, North America emerges as the leader in password leaks, with an average of three leaked passwords per unique email address—almost 20% higher than the global average. Europe & Central Asia closely follows with 2.8 leaked passwords per email address. In contrast, the Middle East & North Africa and Latin America & the Caribbean regions display lower averages, with 1.7 and 1.6 leaked passwords per unique email address, respectively.

The data also pinpoints countries with citizens at the greatest risk of account takeovers. Congo DR tops the list, with an alarming 5.7 passwords leaked per unique email account, followed by Czechia (4.2), Gambia (4.1), Italy (4), and Germany (3.8).

Interestingly, Iran stands out as the country with the lowest number of passwords leaked per unique email address, with a mere 0.03 passwords per 100 unique emails on average, suggesting a relatively low susceptibility to account takeovers. Iran is followed by countries such as Timor-Leste (30% of email accounts breached with a password), South Sudan (40%), Iraq (51%), and Guatemala (61%).

In terms of the sheer quantity of leaked passwords, Russia tops the list with a staggering 2.9 billion passwords leaked since 2004, followed by the United States (1.8 billion), China (915 million), Germany (510 million), and France (448 million).

Surfshark's data offers a stark reminder of the critical importance of robust password practices, cybersecurity vigilance, and the value of secure digital practices in an age of persistent data breaches and cyber threats. ###


bottom of page