UpGuard finds exposed Elastic database with billions of SSNs and passwords
Feb 22nd 2026
A public Elastic instance discovered the week of January 12, 2026 contained roughly 3 billion email/password records and 2.7 billion personal records with Social Security numbers (SSNs). Some of the records were verified as real, and the data was likely assembled from older breaches.
- During the week of January 12, 2026, UpGuard detected the exposed Elastic database, which contained about 3 billion email/password records and 2.7 billion personal records with SSNs.
- The reporter notified the FBI IC3 and hosting provider Hetzner, and public access to the database was removed on January 21, 2026.
- A sample of 2.8 million SSN records showed about 52% unique SSNs, 40% unique names, and roughly 75% unique passwords, which extrapolates to about 2.27 billion unique passwords, 1.4 billion unique names, and 1.08 billion unique SSNs in the full set.
- Investigators verified at least some records as real by matching entries to two acquaintances: one confirmed that their SSN appeared in the data, and the other had previously been a victim of identity theft.
- Analysis of password terms tied many entries to cultural references common around 2015, suggesting much of the data dates to that period and may be recombined from older breaches.
- Because SSNs cannot be rotated like passwords, experts recommend credit freezes and stronger authentication on systems that accept SSNs to limit fraud risk.