A massive unsecured database containing tens of millions of Social Security numbers, email addresses, and passwords has been discovered by cybersecurity firm UpGuard. The database, which appears to have been compiled from multiple breaches over approximately a decade, contains raw totals in the billions but likely includes many duplicates. Researchers estimate the unique entries could number in the tens to hundreds of millions.

The data spans roughly a decade, with much of it potentially originating from a 2024 leak of 2.7 billion records that was speculated to include sensitive personal information for every person in the US, UK, and Canada. Other data appears much older, with researchers using cultural references in passwords to date portions of the dataset. Analysis revealed common passwords referencing One Direction, Fall Out Boy, and Taylor Swift, suggesting data from around 2015 in the United States.

Despite the age of much of this information, security experts emphasize that old data remains a significant threat. Social Security numbers never change, and verification processes indicate that much of this exposed data has not yet been exploited. This means potential victims may be unaware their personal information is circulating on the dark web. The discovery highlights the ongoing risks of data breaches and the importance of using strong, unique passwords for all online accounts.