Email Breach Report 2024

header email breach report 2024
Yuka Kato on

An email breach occurs when a company’s data is hacked or stolen with malware, exposing the email addresses of the company’s customers.

If you have trouble logging into your email or notice unusual activity in your account, your address may have been compromised in this way. A number of services, such as Norton and Have I Been Pwned, allow you to check if your email has been identified in such a breach, although a negative result is not 100% proof that you’re in the clear. While some stolen addresses go unused, others may be used in phishing attacks on the owner, spoofed to trick the owner’s contacts or used to commit identity fraud.

Unfortunately, no company is completely safe. When Microsoft’s leadership and security teams were compromised in an attack towards the end of 2023, the company claimed the breach was “not the result of a vulnerability in Microsoft products or services.” Some 73 million current and former AT&T customers were exposed in a single breach that may have gone unnoticed for four years until the data leaked in 2023.

In our latest report, Mailsuite uncovered the names and email providers that appear most frequently in email breach databases.

What we did

We built a list of the most common first and last names in the United States and combined them with the domains of seven leading email providers, for example: “Name” + “Email Provider” = e.g., james@hotmail.com. Then, we ran the 18,000 generated email addresses through the email breach database Have I Been Pwned and calculated the average number of email breaches per name across the providers and per provider.

Key findings

  • Bob is the male name with the highest rate of email breaches, with an average of 180.0 breaches per Bob-themed email address.
  • Maria is the female name with the highest rate of email breaches, with an average of 115.3.
  • Ali is the surname with the highest rate of email breaches, and @gmail.com is the most commonly breached email provider.

The first names most susceptible to email breaches

Email addresses containing the name “Bob” are likely to have been involved in an average of 180 email breaches. This high volume of breaches is swiftly followed by “John” (175.1 breaches), after which the numbers tail off a little. Still, even the 20th most susceptible name, George, is involved in 102.6 breaches on average.

The-Male-Names-Most-Susceptible-to-Email-Breaches

Female names appear less vulnerable. The most susceptible name, “Maria,” is involved in an average of 115.3 breaches per email address. This is 35.6% less than “Bob.” Likewise, addresses that use the 20th most susceptible female name, Jenny (83.7), are involved in 18.4% fewer breaches than the male counterpart, “George.”

The-Female-Names-Most-Susceptible-to-Email-Breaches

While it is good practice to include your real name in your professional email address, this makes it easier for hackers and legitimate data brokers to connect your online activity with your identity. Experts suggest creating multiple addresses for different uses. Keeping your eggs in different baskets limits the damage if one of the addresses is involved in a breach. Using an email address that doesn’t include your first name may make it more difficult to spoof emails purporting to come from your account.

The last names most susceptible to email breaches

A range of common last names from a variety of cultures populates our list of the most susceptible surnames. “Ali” is the worst affected by a considerable margin, with 115.1 breaches per email address, which is 19.4% more than second-placed King (96.4) and almost twice that of 20th-placed Austin (66.7).

[ 03_The-Last-Names-Most-Susceptible-to-Email-Breaches ]

The-Last-Names-Most-Susceptible-to-Email-Breaches

As the Ashley Madison leak showed, identifying a website’s customers beyond just their username can have devastating consequences even beyond the familiar threats of spoofing, phishing and identity theft. The 2015 incident revealed the names, email addresses and other sensitive data of site users, which offers “Affairs & Discreet Married Dating.”

The email providers most susceptible to breaches

Finally, we analyzed which email provider domain names are most likely to appear on the tail of email addresses involved in data breaches. This is not to say that these companies have a lack of security, but only that their names show up most commonly — perhaps because they are popular services or because the demographic that uses a particular email service may overlap with the customer base of an organization hit by a breach.

The-Email-Providers-Most-Commonly-Found-in-Breaches

We found that addresses ending in “@gmail.com” appear in an average of 80.0 breaches, followed by “@yahoo.com” (74.2) and “@hotmail.com” (67.7). This adds up since Gmail is the most used email provider. Microsoft has more users than Yahoo, but these are divided across Microsoft’s Hotmail and Outlook domains. Considering Gmail’s dominance among email providers, the gap between Gmail and Yahoo breaches is not so huge. A single 2013 attack on the Yahoo network affected all three billion user accounts that the service maintained at the time. The breach revealed not only email addresses and names but also passwords, birth dates and even security questions.

Your digital identity

Your email address is a key part of your digital identity. Since 91% of all cyberattacks start with a phishing attack — a fake email that encourages you to click on an infected link — it is essential to maintain vigilance in daily activities by installing security software and double-checking the source of any email before clicking any links.

Still, email users must trust much of their data to the companies that host their inboxes, and any service that requires user data such as email addresses. In this case, experts recommend maintaining multiple email addresses, using different passwords for every log-in and watching out for breach reports. If your email address is compromised, change your password, check any accounts you’ve signed up to with that email address and double down on your malware detection software.

Methodology

To start, we built a seed list of the most common first and last names in the United States from Name Census, including:

  • The 500 most common (by count) male and female names
  • the 1,000 most common last names

Then we created a list of email addresses by combining the names and email provider/providers, for example: “Name” + “Email Provider” = e.g., james@hotmail.com

We used seven email providers: @gmail.com, @hotmail.com, @outlook.com, @icloud.com, @mail.com, @yahoo.com and @gmx.com

We ran the 18,000 generated email addresses through the email breach database Have I Been Pwned and recorded the number of breaches each address appeared in.

To rank the names, we calculated the average number of email breaches per name across the providers. 

To rank email providers, we calculated the average number of email breaches per email provider across the names. These findings don’t constitute proof of these email providers’ lack of security. The information is not advice and should not be treated as such.

The analysis was completed in June 2024.

Categories: Research & Studies

Entradas relacionadas

Research & Studies

Email Tool Replaces Passive-Aggressive Language with Softer Alternatives

As the medium of email has matured, employees have become used to seeing warnings appended to the emails they send and receive: warnings to protect against waste (Do you really need to print this email?), security breaches (This email originated from outside of the organization) and looking silly (You may have forgotten to attach a

Continue Reading →

Research & Studies

How Americans Use Emojis in Work Emails

An emoji doesn’t usually say a thousand words, but it can help convey an idea or encapsulate your feelings in a limited space. And emojis can create a sense of complicity or togetherness, as the spike in emoji use at the start of lockdown illustrated. These are all precious commodities in business. But the lockdown

Continue Reading →

Research & Studies

The Most Loved Email, Messaging and Social Media Apps by Country

Humans have been communicating with one another just fine for a long, long time. So when new technology comes along to update the way we communicate, it needs to be frictionless, affordable and appealing to become ‘normal.’  Over the past three decades, some tech brands have become more adept than others at identifying and/or creating

Continue Reading →