Biggest Data Breaches of 2021

Author: Giulio Saggin

2021 was a record year for data breaches, and not for a good reason. Some of the numbers were staggering, with more than one breach topping the billion mark.

In no particular order ...

- A database of more than five billion records was exposed online without any authentication needed to access it. The data was stored by cybersecurity analytics firm Cognyte, which secured the database within three days after being tipped off by a security researcher.

- More than 500 million LinkedIn profiles were found on the Dark Web. To show the data was 'for real', those responsible shared two million of the profiles for $2. LinkedIn said the data was not the result of an attack but of a threat actor pulling publicly available data on a large scale.

- 150 million user records of Raychat, an Iranian business and social messaging platform, were exposed on the internet and then destroyed by a cyberattack involving a bot.

- A Compilation of Many Breaches (COMB), totalling more than 3.2 billion unique emails and passwords belonging to previous leaks from Bitcoin, Netflix, LinkedIn, Yahoo and Exploit.in, was leaked on a hacking forum.

- A cloud misconfiguration by social media management company, Socialarks, exposed the data of more than 214 million social media users (318 million records, 400GB+) to the internet.

- More than a billion search records of customers of CVS Health, a US health company, were accidentally posted online by a third party. The 204 GB database wasn't password protected and had no form of authentication in place.

- 70TB (around 99.9%) of information, including messages, posts and video data, was leaked from the conservative social media app, Parler.

- A database containing 200 million records of users and models of adult cam site Stripchat was discovered online, left completely unprotected.

- A database containing 223 million records of Brazilians - including names, unique tax identifiers, facial images, addresses, phone numbers, and email addresses - was offered for free on a Darknet forum. The name of the entity involved, or how the information was leaked, was not disclosed by the cybersecurity company that discovered the leak.

- The data of 533 million Facebook users from around the world - 106 countries - was posted online for free.

- Pakistani ride hailing service and parcel delivery company, Bykea, publicly exposed all its production server information, totalling more than 400 million records (200GB of data), via an exposed server that had no password protection or encryption.

- More than 90% of LinkedIn users, totalling around 700 million, had their data put up for sale online. Some of the data was from 2020 and 2021, indicating that it was recent. Similar to the earlier '500 million' breach, LinkedIn stated that "this was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed."

- Up to 126 million people had their personal data exposed thanks to an unsecured database, belonging to marketing company OneMoreLead, that was posted online.

SecAlerts Pty Ltd.
Fortitude Valley,
QLD 4006, Australia
© Copyright 2023 - ABN: 70 645 966 203, ACN: 645 966 203