Home / Technology / Massive Data Breach Exposes 3 Billion Emails, Passwords
Massive Data Breach Exposes 3 Billion Emails, Passwords
18 Feb
Summary
- Nearly 3 billion email addresses and passwords were found exposed.
- About 2.7 billion records contained Social Security numbers in the breach.
- The exposed data was removed after a week by the cloud provider.
In January 2026, researchers stumbled upon a massive, publicly accessible online database containing an enormous amount of sensitive personal information. The raw totals from this exposure included around 3 billion email addresses and passwords, alongside approximately 2.7 billion records that may have contained Social Security numbers.
The database appeared to aggregate data from various past breaches, a common practice among data brokers and cybercriminals. Researchers analyzed a sample of 2.8 million records, estimating much of the data originated from the United States around 2015, based on password trends. They found that about one in four Social Security numbers in their sample seemed valid.
After identifying the database's host as German cloud provider Hetzner, researchers notified them on January 16, 2026. Hetzner subsequently contacted their customer, leading to the data's removal on January 21, 2026. The discovery emphasizes the persistent threat of data exposure, as old credentials and sensitive numbers remain valuable for identity theft.
