Club Benefits
You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Daily (Mon-Sun)
Tom's Guide Daily
Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.
Weekly on Thursday
Tom's AI Guide
Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!
Weekly on Friday
Tom's iGuide
Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.
Weekly on Monday
Tom's Streaming Guide
Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.
Join the club
Get full access to premium articles, exclusive features and a growing list of member rewards.
- United States: 204M
- Mexico: 123M
- Philippines: 72M
- Germany: 60M
- Italy: 53M
- France: 52M
- Turkey: 49M
- Brazil: 39M
- Spain: 31M
- Malaysia: 24M
- Vietnam: 21M
- Argentina: 20M
- Colombia: 18M
- Peru: 14M
- Canada: 12M
- Australia: 12M
- Greece: 9M
- China: 8M
- Hong Kong: 8M
- UAE: 6M
- Norway: 4M
- Romania: 4M
- Armenia: 2M
- Thailand: 2M
- Yemen: 2M
- Morocco: 1M
Even if you’re extra careful online and take all the right precautions to secure your accounts and the data they contain, your personal information could still end up on the dark web. Case in point, one billion personal records from 26 countries around the world were just found left in an unsecured database.
No, this wasn’t a data breach, and hackers weren’t involved in any way whatsoever. Instead, this was a data leak discovered by the team at Cybernews, where a company accidentally left all of those records unprotected online without a password.
Based on its findings, Cybernews believes the exposed database in question belongs to IDMerit, which is a digital identity verification solutions provider. The personal data in that database was used by other companies to verify users in the U.S., Canada, Australia, Mexico and loads of other countries.
Although cybercriminals weren’t behind this massive new data leak, just as the Cybernews team did, they too could have accessed and downloaded this exposed data to use in future attacks.
Here’s everything you need to know about this new data leak, including the steps you can take right now to stay safe from any potential attacks or scams.
Exposed personal data
Like many security researchers, such as Jermeiah Fowler, the news outlet’s team, and others (including cybercriminals) will often scour the internet looking for exposed databases. Cybernews found this massive trove of exposed personal records on November 11 and immediately contacted the company, which then secured the database.
In total, the database held one terabyte of data for users across 26 countries. The U.S. was hit the hardest with 204 million records exposed, followed by Mexico at 123 million and the Philippines with 72 million.
Given that the database was left unsecured for some time, the following personal data was exposed online:
- Full names
- Addresses
- Post codes
- Dates of birth
- National IDs
- Phone numbers
- Genders
- Email addresses
- Telco metadata
- Breach status and social profile annotations
With all of this valuable personal data in hand, cybercriminals could launch all manner of attacks and scams, including account takeovers, targeted phishing attacks, credit fraud, SIM swaps and even identity theft. To make matters worse, all of this leaked data was structured, which would make searching through these records much easier than if the data were unstructured.
How to stay safe after a data leak
Just like with a data breach, you could potentially receive a data breach notification letter in the mail if your personal records were exposed in this leak. If so, you should follow the letter’s instructions and take advantage of the free access to one of the best identity theft protection services if that’s offered.
If not, though, there are still plenty of steps you can take to stay safe after a data leak. For starters, you want to be on the lookout for any suspicious phone calls or messages as they could be targeted phishing attacks designed to steal even more of your data. These could arrive via email or text, so be wary of any messages from unknown senders.
Signing up for identity theft protection is a great way to protect yourself after a major leak, as these services can help you recover a stolen identity as well as any funds lost to scams or fraud. As always, though, it’s also a good idea to protect your Windows PC with the best antivirus software or your Apple computer with the best Mac antivirus software. The reason is that those phishing emails could arrive with malicious attachments designed to infect your devices with malware.
As for this data leak, hopefully, we hear more from IDMerit, and if so, I’ll update this piece with any new information. Either way, it’s up to you to ensure that you’re taking all of the necessary precautions, such as being careful where you click, to stay safe from any attacks that try to leverage this exposed data.
Follow Tom's Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds.
More from Tom's Guide
- A new spyware called ZeroDayRat can take over your iPhone or Android via text
- How did the FBI get Nancy Guthrie's Google Nest camera footage if it was disabled and what does it mean for your privacy?
- 300,000+ Chrome users installed these malicious extensions posing as AI assistants — delete them right now
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
