Data leaks surge almost 500% during pandemic

Data leaks reached an all-time high, rising by 492% to a record 27 billion in the first half of 2020, according to data acquired by Atlas VPN.

There were a total of 2,037 publicly reported breaches in the first half of the year, compared to the same period last year. The number of leaked records through 30 June grew nearly sixfold from 4,7 billion to over 27 billion records.

The amount of records exposed in the first half of 2020 is 12 billion, more than the total number of records leaked during the entirety of 2019. Additionally, it is more than four times higher than any six month time period between 2013 and 2020.

Misconfigured databases and services were revealed to be the primary cause of the growing number of data leaks. Misconfiguration may leave entire databases open and freely accessible to anyone, which consequently may lead to bad actors taking advantage of the sensitive data.

In contrast to the growing amount of records leaked, the number of data breaches in the first half of 2020 plummeted by 52%. However, the drop in data breaches is more likely to be the consequence of delayed disclosing of the events than the actual decline in the number of breaches happening.

The study by cyber risk professionals at Risk Based Security found that the rate of breach reporting slowed down at the start of the pandemic and has not picked up ever since.

The numbers are based on the research conducted by the cyber risk analytics team at Risk Based Security that analyzed publicly disclosed data breaches reported between January 1st, 2020, and June 30th, 2020. The study also contains disclosed breach data from previous years dating back to 2013.

Email addresses are most likely to be leaked

Breaches in the first half of this year exposed an array of highly sensitive personal data ranging from email addresses to social security numbers and credit card details. People who tend to re-use the same email addresses and passwords across different platforms should take extra care as these credentials fall in the topmost commonly exposed data types.

Emails remain the most targeted type of credentials three years in a row, with 42% of data breaches in the first half of 2020 including email addresses. The research revealed that people continue to use work email addresses for personal purposes, including gaming sites, sports media companies, and recreation equipment dealers.

Breaches exposing names rose by 12% from 28% to 40% compared to the equivalent period last year. This shift, however, may be caused by a decrease in breach disclosures.

The reason being, if data exposed contains an individual’s name and at least one other type of identifier information, the breached entity may be legally bound to disclose the event.

Nearly 36% of the breaches exposed passwords. While the number is down by approximately 24% from last year, passwords remain among the most leaked data types. The majority of the exposed passwords were hashed. However, some had outdated hashing algorithms and hence were easily decryptable.

Data breaches appear to be growing in severity, with the first six months of this year seeing the largest reported breaches in history. Over 66% (18 billion) of the leaked records in 2020 were the consequence of merely two data breaches.