Back to Blog

The State of Data Breaches in 2026: What You Need to Know

LeakedSource Team
|

Data Breaches Have Reached an Unprecedented Scale

The scale of data breaches has surpassed anything the cybersecurity community predicted. With over 18.9 billion breached records indexed across 12,079 known breach sources in the LeakedSource database alone, the threat landscape has fundamentally changed. For most internet users, the question is no longer whether your data has been exposed, but how many times and how severely.

The Largest Breaches in Our Database

The sheer volume of records in modern breaches is staggering. These are the largest breach sources currently indexed by LeakedSource:

  • Verifications.io (2019): 722 million records — An email validation service left its entire database exposed, leaking names, email addresses, phone numbers, and IP addresses.
  • Weibo (2019): 503 million records — China's largest social media platform had user data including real names, phone numbers, and location data scraped and leaked.
  • MySpace (2008): 301 million records — A legacy breach that resurfaced years later, containing email addresses and weakly hashed passwords.
  • Adobe (2013): 293 million records — Included encrypted passwords and password hints that were trivially reversible.
  • Deezer (2019): 228 million records — The music streaming platform's user data appeared on underground forums years after the initial incident.
  • People Data Labs (2019): 202 million records — A data enrichment company's unprotected Elasticsearch instance exposed a massive trove of personal and professional data.
  • AdultFriendFinder (2016): 202 million records — Extremely sensitive account data from adult dating sites, including deleted accounts that were never purged.
  • National Public Data (2024): 169 million records — A background check company suffered a catastrophic breach exposing Social Security numbers, addresses, and personal details of US residents.
  • Canva (2019): 137 million records — The design platform had usernames, email addresses, and bcrypt-hashed passwords compromised.
  • LinkedIn (2012): 136 million records — Originally reported as 6.5 million, the true scope of this breach wasn't known until the full dataset surfaced in 2016.

2024–2025: A Record-Breaking Period

The past two years have been especially devastating. Since January 2024, we've indexed 4,829 new breach sources containing over 3.3 billion records. Several incidents stand out:

  • National Public Data (Sep 2024) — 169 million records of US residents including SSNs, making it one of the most consequential breaches in US history.
  • DemandScience (Feb 2024) — 132 million B2B contact records from the data aggregator Pure Incubation were exposed.
  • Under Armour (Nov 2025) — 74 million records from the athletic apparel company were compromised.
  • SF Express (Sep 2024) — 35 million records from China's largest express delivery company were leaked.
  • Twilio Authy (Jul 2024) — 33 million phone numbers associated with the two-factor authentication app were exposed via an unauthenticated API endpoint.
  • SoundCloud (Dec 2025) — 31 million user records from the music platform appeared on breach forums.
  • Trello (Jan 2024) — 15 million user records were scraped via an open API and linked to email addresses.
  • U.S. Environmental Protection Agency (Apr 2024) — 13 million records from the federal agency were exposed.

The Rise of Stealer Logs and Combolists

One of the most significant shifts in the breach landscape is the explosion of infostealer malware. Unlike traditional database breaches, stealer logs capture credentials directly from infected devices, including active session cookies, saved passwords, and autofill data. In 2024–2025 alone, hundreds of stealer log dumps have appeared on forums like BreachForums and LeakBase, with individual collections containing tens of millions of unique credentials.

These stealer log collections are particularly dangerous because they often contain currently valid credentials, not old passwords from years-old breaches. Combined with large-scale combolists that aggregate stolen data from multiple sources, this creates a persistent threat of credential stuffing attacks against any online service.

What Data Is Being Exposed

Modern breaches go far beyond simple email-and-password combinations. The types of data we're now seeing in breach datasets include:

  • Full identity profiles — names, dates of birth, Social Security numbers, government IDs
  • Financial data — partial credit card numbers, bank account details, transaction records
  • Location and device data — IP addresses, GPS coordinates, device fingerprints from stealer logs
  • Authentication secrets — passwords, password hashes, session tokens, API keys, 2FA seeds
  • Professional information — employer details, job titles, salary data, internal communications
  • Health records — medical histories, insurance information, prescription data

Evolving Attack Methods

Attackers continue to refine their methods:

  • Supply chain compromise — Targeting third-party vendors and data aggregators to access data from thousands of downstream organizations in a single attack.
  • API exploitation — Unauthenticated or poorly secured APIs have become one of the most common vectors for mass data scraping, as seen with Twilio Authy and Trello.
  • Ransomware with data exfiltration — Double-extortion ransomware groups now steal data before encrypting systems, publishing it when victims refuse to pay.
  • Infostealer malware — Malware families like Redline, Raccoon, and Vidar harvest credentials from millions of devices, feeding a continuous pipeline of fresh data into underground markets.
  • Cloud misconfigurations — Unsecured S3 buckets, Elasticsearch instances, and database servers continue to expose massive datasets.

How to Protect Yourself

Given the scale of modern breaches, proactive defense is essential:

  1. Check your exposure — Use LeakedSource to scan your email, username, phone number, or IP address across our database of 18.9 billion records.
  2. Use unique passwords everywhere — A password manager makes this practical. When one service is breached, unique passwords prevent attackers from accessing your other accounts.
  3. Enable two-factor authentication — Preferably with a hardware key or authenticator app rather than SMS, which can be intercepted.
  4. Monitor continuously — New breaches surface constantly. Our monitoring service alerts you when your data appears in newly indexed breaches.
  5. Review your digital footprint — Delete accounts you no longer use. Data from forgotten accounts can sit in databases for years before a breach exposes it.
  6. Keep software updated — Infostealer malware exploits known vulnerabilities. Keeping your OS and browser updated closes these entry points.

The Bottom Line

With nearly 19 billion records across over 12,000 breach sources, data breaches are a defining challenge of our digital era. The pace is accelerating, the methods are more sophisticated, and the data being stolen is more sensitive than ever. The best defense is awareness and action. Start by scanning your email at LeakedSource to understand your current exposure.

Check Your Breach Exposure

Find out if your email address has been compromised in any known data breaches.

Scan Your Email Now
All Posts