Scammers Are Recycling Old Breach Data With AI. Here’s What To Do
Scammers are using AI to weaponize your past data. Don’t make it easy for them.
Scammers don’t always need fresh hacks. Sometimes, they just recycle your old data and make it dangerous again.
That’s exactly what’s happening now (source). We warned about a variation of this last year. Read that post here:
Security researchers have now caught on and are warning about the threat, dubbing it “previously compromised data”. Criminals are digging up breach data from years ago (think LinkedIn (2012), Yahoo (2013), Marriott (2018)) and running it through AI tools to give it new life.
Why Old Breach Data Still Matters
When your information is exposed in a breach, it rarely disappears. Copies circulate in underground markets, leak forums, and unsecured cloud servers.
In the past, scammers had to do the tedious work of piecing it together. So the data in large part went unused because the effort to extract value was too great. Today, AI does it for them:
It cross-references old email addresses with new phone numbers scraped from data brokers.
It matches old employers from a LinkedIn profile with leaked credentials.
It personalizes phishing messages so they look eerily convincing.
This is why so many scam texts and emails seem to “know” something about you, even if that detail is years out of date.
What These Scams Look Like in Practice
Here are a few common plays built on previously compromised data:
Password blackmail emails. Scammers send a message that includes a password you used years ago (“We saw you use this password in 2014…”) and demand payment.
Family emergency texts. They use names of relatives scraped from LinkedIn or Facebook, paired with old contact info, to make the message believable.
Fake support calls. The caller already knows your email and partial Social Security number from old breaches, so you’re more likely to trust them.
Business email compromise. Professionals are targeted when criminals combine breach data with their public LinkedIn profile, tricking clients into wiring funds.
It all comes back to the same problem: the more data about you that’s floating around, the easier it is for scammers to weaponize it.
Three High-ROI Moves to Shrink Your Exposure
The good news: you don’t have to accept being an easy target. Here are three practical steps you can take right now.
1. Get your personal data out of easy reach
Data brokers and Google searches make it simple for scammers to connect the dots. You can DIY remove your info from these sites, but it’s a time intensive effort (to put it mildly). A service like DeleteMe does the heavy lifting of removing your personal information from data broker sites automatically. There’s a lot of competition in this space, especially in the past couple of years. But we’ve used DeleteMe for almost 5 years and love the results (and time savings).
Think of it as cutting off the link between old breach data and your current life. Fewer connections mean fewer scam attempts that feel personal. Use our affiliate link to get 20% off.
2. See what’s already out there about you
If you’ve ever wondered how scammers build a profile, our reader favorite OSINT (Open-Source Intelligence) Guide shows you exactly how they do it.
You’ll learn how to run the same searches they run, spot your own exposure, and take steps to close the gaps. It’s a high privacy IQ move that pays off immediately. Grab your copy here (it’s only $7 and is an easy way to support our work).
3. Tighten your professional footprint
LinkedIn is a goldmine for scammers looking to impersonate you, target your clients, or craft convincing phishing emails. When scammers combine LinkedIn data with previously compromised data, the scam is 10X more effective.
Our LinkedIn Privacy Tune-Up shows you how to:
Lock down sensitive details
Limit data harvesting
Stay professional without oversharing
For most professionals, tightening LinkedIn is one of the highest privacy ROI moves you can make. Grab a copy of the guide here (use coupon code 0DPMQ1T for 25% off).
Free Steps You Should take too
Not every step costs money. A few free moves go a long way:
Check if your emails have been in a breach at haveibeenpwned.com.
Stop reusing passwords. A password manager makes this easy.
Turn on multi-factor authentication wherever possible (preferably an authenticator app instead of SMS).
Consider using passkeys and hardware keys where available.
Use Disposable Emails (a/k/a temporary email or email aliases)
Each of these cuts down the chances that old breach data can be used against you.
Treat Privacy As A Future Proofing Exercise
Maybe you’ve been lucky so far and haven’t dealt with a scam that hit close to home. That doesn’t mean you won’t. The reality is, the data’s out there, and AI is making it easier for criminals to weaponize it.
At the end of the day, the less data you leak, the harder you are to target. Small privacy upgrades today will save you from bigger headaches tomorrow.
Start with one of the steps above, whether it’s using DeleteMe, running an OSINT check on yourself, or tightening your LinkedIn. Each one is a privacy win, and they stack up quickly.
Friendly Ask
If you found this helpful or informative, chances are your friends and family will as well. Especially those who are loose with their data or slow to react to new trends in scams and technology. Please share it with them to help spread awareness.
Looking for help with a privacy issue or privacy concern? Chances are we’ve covered it already or will soon. Follow us on X and LinkedIn for updates on this topic and other internet privacy related topics.
Disclaimer: None of the above is to be deemed legal advice of any kind. These are *opinions* written by a privacy and tech attorney with years of working for, with and against Big Tech and Big Data. And this post is for informational purposes only and is not intended for use in furtherance of any unlawful activity. This post may also contain affiliate links, which means that at no additional cost to you, we earn a commission if you click through and make a purchase.
Privacy freedom is more affordable than you think. We tackle the top Big Tech digital services and price out privacy friendly competitors here. The results may surprise you.
Learn how email tracking pixels work, what data they reveal, and the best ways to block them to protect your inbox privacy.
Check out our specialized privacy and security guides in our digital shop. Below is a sample of what’s available. People are really loving the De-Google your Life Guide (available here at 25% off). Browse all the guides here. Annual paid subscribers get all the guides for free with their subscription (worth $140+).
If you’re reading this but haven’t yet signed up, join for free (3.5K+ subscribers strong) and get our newsletter delivered to your inbox by subscribing here 👇
Great advice. Gotta clean up those old accounts.
Your comrade, Jason Rowe, Beyond..FireWall.
No can find..hope all is well!