Nearly six billion accounts were impacted globally, according to data analysed by Atlas VPN
The year 2021 was record-breaking in terms of the sheer size of data breaches. According to the data collected and analysed by the Atlas VPN team, 5.9 billion accounts were affected by data breaches throughout 2021.
In February 2021, the Compilation of many Breaches (COMB) breach alone exposed personal information related to 3.2 billion online accounts, making it the biggest data leak of all-time.
In fact, the first quarter of 2021 was the most successful for hackers. In total, 4 billion accounts were breached in Q1 2021.
In Q2, the number of accounts affected by data leaks dropped 65% to 1.4 billion. Meanwhile, the second half of the year saw significantly fewer account breaches.
Overall, 357 million and 93 million accounts were affected by data leaks in Q3 and Q4.
The top five most significant data leaks in 2021 were:
COMB was responsible for the leak of a whopping 3.2 billion unique cleartext email and password combinations.
The breach was named this way because it is not a result of a single hack of a specific organisation but rather combines leaked data from a number of different breaches spanning five years, including Netflix, LinkedIn, and others.
The breached data was first offered for sale on RaidForums, an underground database sharing and marketplace forum, for just $2 in February.
LinkedIn user data was again exposed in another massive data dump in June. Records of 700 million users, which made up around 93% of LinkedIn’s entire user database, were offered for sale on the dark web.
The leaked data includes user email addresses, full names, phone numbers, physical addresses, geolocation records, genders, personal and professional experience, and more.
LinkedIn emphasised that the data dump was not a result of an actual data breach but rather a data scraping event. Still, data scraping was possible due to flaws with LinkedIn’s own API.
In April, the company also faced a similar incident when data from 500 million users was posted online. However, the company claims the user information shared in both incidents is the same.
In addition to LinkedIn, Facebook also experienced an information leak in 2021 due to scraping. In April, the personal information of 533 million Facebook users from 106 countries was published on a hacking forum.
The leaked information includes phone numbers, full names, locations, email addresses, and users’ biographical information. Facebook claims the data leak is a result of an old vulnerability that was patched in 2019.
The fourth place on the list is occupied by another record-breaking leak that exposed data of 220 million Brazilians, including those already deceased. The leak of this scale is the biggest in Brazilian history.
In January, the breached data was discovered on a dark web forum and contained names, unique tax identifiers, facial images, addresses, phone numbers, email, credit score, salary, and other information.
Next up is SocialArks, a Chinese social media agency, which suffered a data breach in January. The data leak stemmed from cloud misconfiguration that exposed over 400 GB of personal information from approximately 214 million Facebook, Instagram, and LinkedIn users, including names, country of residence, contact information, the position of work, subscriber data, and profile links.
It is important to note that the total amount of accounts affected by data leaks in 2021 is likely much higher as many breaches have not been disclosed and the impact of some breaches remains unknown.