BreachAlarm has indexed over 227 million hacked accounts with data stretching back 8 years. This means, on average, we’re indexing around 70,000 hacked email/password combinations per day. This takes into account large breaches such as Adobe’s 150 million and eHarmony’s 34 million records. A more typical day sees us pick up 5k – 10k records.
Looking at a sample of our data, we’re seeing some interested trends:
- On average, when someone checks their email address with BreachAlarm, there’s a 41% chance they discover their email address and password has been compromised in a data breach.
- 45% of Gmail accounts, 42% of Hotmail accounts, and 30% of Yahoo email accounts checked on BreachAlarm have been breached.
- AOL and Comcast have suffered data breaches in the past 12 months, so we’ve seen a high percentage of these accounts breached. 55% of AOL and 58% of Comcast users have had their details compromised.
- People from Canada top the list as the most compromised, with 62% of tested emails showing up as breached. The Netherlands is next at 52%.
- Our data shows French email accounts appear to be the least compromised; we’re only seeing 22% of .fr email account being compromised.
That’s not to say that these stats are representative of all email addresses out there. Our data is most likely skewed because people who think or have been told they’ve been involved in a breach will often go in search of more information, find BreachAlarm, and check their email address.
The danger for people who have had their email/password combination leaked, is that they’ve used these login credentials on other websites such as Facebook, Twitter, Gmail, Hotmail etc. With this in mind we recommend two strategies for reducing the likelihood of personal identity theft and other online account hacks:
- Use a strong and unique password for every website you register with. To help you achieve this, we recommend you use a password manager.
- Use two factor authentication where available to log into websites, particularly online email accounts where people tend to store a lot of sensitive information.
Finally, we encourage people to sign up to a free BreachAlarm Email Watchdog account so that we can inform them if their email/password combination appears in a database hack in the future.