Biggest Data Breaches of 2021

Giulio Saggin
Giulio Saggin
Tuesday 28 November 2023

2021 was a record year for data breaches, and not for a good reason. Some of the numbers were staggering, with more than one breach topping the billion mark.

In no particular order ...

- A database of more than five billion records were exposed online without any authentication needed to access it. The data was stored by cybersecurity analytics firm, Cognyte, which secured the database within three days, after being tipped off by a security researcher.

- More than 500 million LinkedIn profiles were found on the Dark Web. To show the data was 'for real', those reponsible shared two million of the profiles for $2. LinkedIn said the data was not the result of an attack but a threat actor pulling data that was publicly available on a large scale.

- 150 million user records of Raychat, an Iranian business and social messaging platform, were exposed on the internet and then destroyed by a cyberattack involving a bot.

- A Compilation of Many Breaches (COMB), totalling more than 3.2 billion unique emails and passwords belonging to previous leaks from Bitcoin, Netflix, LinkedIn, Yahoo and, was leaked on a hacking forum.

- A cloud misconfiguration by social media management company, Socialarks, exposed the data of more than 214 million social media users (318 million records, 400GB+) to the internet.

- More than a billion search records of (US health company) CVS Health customers were accidentally posted online by a third party. The 204 GB database wasn't password protected or had no form of authentication in place.

- 70TB (around 99.9%) of information, including messages, posts and video data, was leaked from the conservative social media app, Parler.

- A database containing 200 million records of users and models of adult cam site Stripchat were discovered online, left completely unprotected.

- A database containing 223 million records of Brazilians - including names, unique tax identifiers, facial images, addresses, phone numbers, and email addresses - was offered for free on a Darknet forum. The name of the entity involved, or how the information was leaked, was not disclosed by the cybersecurity company that discovered the leak.

- The data of 533 million Facebook users from around the world - 106 countries - was posted online for free.

- Pakistani ride hailing service and parcel delivery company, Bykea, publicly exposed all its production server information, totalling more than 400 million records (200GB of data), via an exposed server that had no password protection or encryption.

- More than 90% of LinkedIn users, totalling around 700 million, had their data put up for sale online. Some of the data was from 2020 and 2021, indicating that it was recent. Similar to the earlier '500 million' breach, LikedIn stated that "this was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed."

- Up to 126 million people had their personal data exposed thanks to an unsecured database, belonging to marketing company OneMoreLead, that was posted online.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.


SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203