A Data breach has become a plaything in the hands of malicious actors to steal data and expose them either for remuneration or their satisfaction. With the passage of time and the evolution of technology, such breaches have increased exponentially. The graph further saw a steep rise in 2021 since the pandemic further increased people’s reliance on technology.
With its end, 2021 has set a record for the maximum number of data breaches in a particular year. According to the Identity Theft Resource Center (IRTC) research, by the end of September itself, 2021 witnessed 1,291 breaches, 17% more than 1,108 breaches in 2020.
Amongst the most affected was the Manufacturing and Utilities Sector, with 48 compromises and 48,294,629 victims. This was followed by the Health Sector, which had 78 compromises and more than 7 million victims. Financial service, government, and professional service were some of the other sectors with more than 1 million victims.
Let us have a look at the top 12 data breaches of 2021.
12. Twitch Data Breach – 7 million
Twitch is an interactive live stream company owned by Amazon. In October, it suffered a breach of almost its entire codebase, and around 125 GB of data was posted online. The leak included Twitch’s source code, its properties, pay-out reports of its customers, etc. However, the credit card numbers, passwords, and bank information were not exposed, according to the company. The company, in its report, also said that the breach was due to a change in server configuration.
11. Bonobos Data Breach – 12.3 million
Bonobos, a men’s clothing store, suffered a data breach in January when the malicious actors compromised the company’s backup server. From a total of 12.3 million customer details, 7 million records of the shipping address, 1.8 million of account information, and 3.5 million records of partial credit cards were accessed.
The data was posted on a free hacker forum by a notorious actor, ShinyHunters. According to Bonobos, the hackers did not steal the data from the internal system but from a backup file that was hosted in an external cloud system.
10. Android Users Data Leak – 100+ million
In May, due to several misconfigurations of cloud service, more than 100 million users’ personal data was leaked by 23 apps. Some amongst the 23 had even more than 10 million installations on Google Play like Logo Maker, Astro Guru, Screen Recording, etc. The researchers at Check Point Research discovered this breach.
App developers generally use real-time databases to store data in the cloud and are synchronized in real-time with the connected clients. However, these apps had their real-time database unprotected, and anyone could access the personal information of its users like name, e-mail, location, gender, photos, phone numbers, etc. The hackers could have used these data for malicious purposes.
9. Thailand Visitors – 106+ million
Thailand is a popular tourist place and attracts millions of tourists every year. In August, Bob Diachenko, a cybersecurity researcher at Comparitech, discovered an unprotected database that contained his personal data as well. The database belonged to Elasticsearch and contained personal data of international travelers from the last ten years.
The personal details included name, sex, visa type, date of arrival and departure, etc.
The Thai authorities secured the data the following day, and they also informed that no misuse of such data was done.
8. Raychat – 150 million
Raychat, a business and messaging application belonging to Iran stored its data on MongoDB database. This database is generally used for handling a large volume of user data. The application suffered a huge breach, and its user records were exposed on the internet. Later on, the data was destroyed by a cyberattack by a bot. A hacker forum, Raid Forum, claimed that they had leaked all the data.
7. Stripchat – 200 million
An Electrisearch database containing records of more than 200 million users and models belonging to an adult cam site called Stripchat was discovered exposed. It contained personal details of around 65 million users such as e-mails, IP address, time of the creation of an account, payment details, tip balance etc.
It also contained a database of about 4,12,000 models like their names, prices, strip score, gender, etc. Though Stripchat secured the database, it was unfound whether the malicious actors could scrape the data.
6. Socialarks – 214+ million
Scrapped profiles of more than 214 million Facebook, LinkedIn, and Instagram users were discovered by researchers from Safety Directives on a server belonging to Socialarks – a cross-border social media management company. It contained more than 408 GB of data.
The data contained 11651162 Instagram, 66117839 LinkedIn, and 81551567 Facebook user profiles that could expose their names, county of residence, contact information, etc.
5. Brazilian database – 223 million
On 20 January, the most significant personal data breach in the history of Brazil occurred. It contained the personal details of alive and deceased persons like name, image, address, phone number, e-mail, etc. Along with this, vehicle records of 104 million were also available. All these data were offered on the Dark web for free.
This breach was discovered PSafe, a cybersecurity start-up, and reported by Techno blog.
4. Bykea – 400 million
While performing a routine IP-address check, the researchers from the Safety Directives team led by Anurag Sen found a server vulnerability. If contained API logs for Bykea, a transportation and logistics company headquartered in Pakistan. The start-up was founded by Muneeb Maayar. The server exposed more than 200 GB of data of more than 400 million users that included their names, location, and other personal details. It also contained personal details of its drivers like names, addresses, phone numbers, driver license numbers, etc.
3. Facebook – 553 million
Researcher Alon Gal discovered a database containing more than 553 million Facebook users’ accounts. Information of users from around 106 nations was exposed that contained about 32 million user records from the US, 11 million from the UK, and 6 million from India. According to Facebook Inc., data was not hacked from its system, but it was scraped from its platform before 2019. The data included personal information such as phone number, birth date, e-mail, etc.
For more information about this, visit the link: https://www.worldcybersecurities.com/facebook-data-breach/.
2. LinkedIn – 700 million
A database containing personal data of more than 700 million LinkedIn users, about 92% of the total users, was put online for sale. Personal details such as name, phone numbers, e-mail, location, gender, etc., were exposed. The malicious actors also tried to sell the data on the dark web. Data was posted on the internet in two waves – firstly of 500 million users and then the rest.
For more information about the first wave, visit the following link: https://www.worldcybersecurities.com/who-is-next-after-facebook-500-million-linkedin-users-data-leaked-online/.
LinkedIn stated that the data was obtained from various other sources, and some data was even scraped from LinkedIn.
1. Cognyte – 5 billion
Cognyte is a cybersecurity analytics firm that stores data as a part of a cyber intelligence service. It alerts its customers from third-party data breaches or exposure.
A huge database of Cognyte was discovered by Bob Diachenko exposed without any password or authentication. It contained information such as name, e-mail, password, etc.
Bob Diachenko informed Cognyte that the database was secured within three days.
(Content Writer, WCSF)