Data breach

A data breach is the unauthorized exposure of data held by an organization. The category includes: external attacks (criminals exfiltrate customer data), insider exfiltration (an employee or contractor takes data they were not authorized to take), accidental exposure (misconfigured S3 buckets, public Elasticsearch instances, lost backup tapes), and supply-chain compromise (a vendor with access leaks the customer’s data). Verizon’s annual Data Breach Investigations Report tracks tens of thousands of incidents annually.

What it means in practice

The breach economy is industrialized. Data exfiltrated from a target appears on cybercrime forums within days to weeks, gets parsed and cleaned, and enters the corpus that fuels credential stuffing, account takeover, and targeted phishing for years afterward. Have I Been Pwned (haveibeenpwned.com) tracks around 13 billion compromised credentials by 2026; the actual underground corpus is multiples larger. The operational implication: any password you used at a breached service is treated as compromised, even years later, because the corpus persists. The structural defense is unique passwords per site (so a single breach contains the damage to that site) and password-manager autofill behavior (which detects domain mismatches that phishing kits exploit).

Where it shows up

Documented breaches affecting most adult internet users at least once: LinkedIn (2012, 2016, 2021), Yahoo (2013-14, all 3 billion accounts), Marriott (2018, 500 million), Facebook (2019, 533 million), Equifax (2017, 147 million Americans), Twitter (2022, 5+ million), 23andMe (2023, 7 million), MOVEit cascade (2023, hundreds of organizations downstream), AT&T (2024, 73 million current and former customers), Snowflake-customer cascade (2024, dozens of major breaches downstream including Ticketmaster). The pattern is continuous; the question is not whether you have been in a breach but how many and which.

What you can change today

Three steps in 30 minutes. First, search your primary email addresses on haveibeenpwned.com and identify which breaches affected you. Second, for each breach where the password was exposed (HIBP indicates this; “Pwned Passwords” specifically), rotate the password at that service immediately and any other service where you reused it. Third, set up alerts: HIBP’s “Notify me” feature emails you on future breaches affecting your address, and most password managers (1Password Watchtower, Bitwarden Reports, Proton Pass Pass Monitor) integrate breach checks into the vault dashboard. The breach surface is permanent; the operational defense is rotation discipline and unique-passwords-per-site.

Related articles