A newly discovered and now-removed database contained an estimated 2.7 billion Social Security numbers alongside roughly 3 billion email addresses and passwords. Cybersecurity researchers at UpGuard identified the exposed data, hosted by German cloud provider Hetzner, in January. The breach’s scale raises serious risks of identity theft for potentially millions of Americans, even if many records may be duplicates or outdated.

The Scope of the Exposure

The database was not tied to a single, recent hack. Instead, it appears to be an amalgamation of data scraped from multiple past breaches—including potentially the 2024 incident at background-checking firm National Public Data. Data brokers and criminals routinely combine datasets like this, but the sheer volume makes this case particularly alarming. The exposed records date back to around 2015, but stolen data remains valuable for years due to password reuse and the unchanging nature of Social Security numbers.

Why This Matters

The persistence of exposed SSNs is a key issue. Unlike passwords, which can be changed, a valid Social Security number remains a lifetime asset for identity thieves. UpGuard’s analysis of a 2.8 million-record sample suggests that roughly one in four SSNs is legitimate. Extrapolating this to the full dataset implies over 675 million potentially valid numbers were exposed.

The real danger is that many victims are unaware their data was compromised. The breach could lead to financial fraud, credit damage, and other forms of identity theft.

How the Breach Was Handled

UpGuard contacted Hetzner after validating the data exposure, and the cloud provider removed the database on January 21. The original owner of the database remains unknown.

Long-Term Risk

The fact that many exposed individuals have not yet experienced identity theft does not mean they are safe. Cybercriminals often stockpile stolen data for future use, testing credentials over time. The exposure of SSNs ensures that millions remain vulnerable to long-term fraud.

The incident highlights the ongoing threat of large-scale data breaches and the need for improved security practices among data brokers and cloud providers. Individuals should remain vigilant about potential fraud and monitor their credit reports for suspicious activity.