Are You Safe? Your Data Could Be Breached in One of 10,000 Exposed Databases Around the World

Billions of us could be breached at any second, as nearly 10,000 databases around the world have been left exposed for anyone to access. When you create an account online, your bank details, passwords, and address could all end up in one of these unsecured databases, leaving you and your family open to all kinds of data breaches and attacks.

Researchers at NordPass have uncovered some shocking facts about the security of our data online. The independent study identified a total of 9,517 unsecured databases containing 10,463,315,645 pieces of consumer data, including emails, passwords, and phone numbers. The databases were found across 20 different countries, with China being at the top of the list, while the US followed closely with only a marginal difference in exposed databases. Here are some statistics:

The top 3 countries with exposed databases

  1. China

    Exposed databases: 4,000

    User entries available online: 2.6 billion

  2. US

    Exposed databases: 3,000

    User entries available online: 2.3 billion

  3. India

    Exposed databases: 520

    User entries available online: 4,878,723

Methodology: NordPass partnered up with a white hat hacker, who scanned elasticsearch and mongoDB libraries, looking for exposed, unprotected databases. Once found, he logged into those public databases and checked what kind of data could be found there. The white hat hacker has shared with NordPass how many exposed databases and entries he had found. The hacker requested to stay anonymous. Time frame: June 2019 to June 2020.

How does this affect me?

While some of this data might only be used for testing, it can be damaging if exposed. An exposed database is a collection of billions of pieces of our data, without any security preventing hackers or anyone else from stealing it. Usually a database that contains sensitive consumer data will have one if not several layers of security. Without that, a hacker doesn’t even need to hack — your information is simply sitting in a public database for the world to see.

Some of the largest data breaches of last year were caused by exposed databases. Millions of Facebook records were exposed on a public Amazon server, and, in another incident, an unsecured database exposed the information of 80 million US households. It was reported that the database required no password to access, which is the bare minimum required for data security.

But if you thought a password alone could keep you safe, think again: nearly 800 million unique email addresses and 21 million passwords were sold on the dark web in 2019 alone. This is because most passwords can be cracked in less than a second:

How to protect yourself

All you have to do is type your email address on Have I been pwned to see how many times your email address has been leaked in a data breach. As a quick remedy, you are advised to change your passwords immediately, but it's likely that your entire security is now compromised.

If a hacker has the password to your email account, they can use it to receive ‘forgotten password’ links to your other accounts and easily reset all of your passwords, locking you out of your accounts. If someone gets hold of your name and address, that’s two pieces of your identity checked off the list of an identity thief – the rest can be found by digging around on your social media, hacking your other accounts, and even rummaging through your trash (yes, data is a hot commodity, and they’re desperate for it).

Data security: what needs to happen

With the technology we have and the amount of damage that can be done with our personal data, there’s no excuse for leaving a database exposed. Proper protection should include data encryption at rest and in motion. In other words, there are two soft points at which your data can be attacked: when it’s traveling (i.e. after you type in a password and hit enter), and when it’s stored at rest in databases. Encryption plays a major role in data protection, and you should be encrypting your passwords with a trusted and robust password manager like NordPass.

Personal security: encrypting your passwords

NordPass is a new-generation password manager that uses XChaCha20, the strongest encryption out there, to secure your personal NordPass vault. Your passwords are encrypted in motion and at rest, giving you the ultimate peace of mind. With a single master password you can unlock your precious passwords without the risk of having them stolen from your device or click-jacked from your browser.

The discoveries this study has uncovered are shocking and unacceptable, and it’s quite possible that a large portion of the exposed databases belong to established companies who have a duty to protect their users. Take your security into your own hands and start encrypting your passwords with Nordpass – you can set up your own NordPass vault in minutes.

Subscribe to NordPass news

Get the latest news and tips from NordPass straight to your inbox.