Chiến lược marketing

Top 10 Worst Data Breaches in 2021

Top 10 Worst Data Breaches in 2021
23
Th9

Here are the top 10 worst data breaches you must know in 2021
It’s no surprise that Covid-19 has increased the number of cyber-attacks and data breaches that have been reported throughout the world. The ICCC received almost 800,000 cybercrime reports in 2020, as per the FBI’s 2020 Internet Crime Crime Report, with claimed damages surpassing $4.1 billion.

Thanks to modern technologies such as MI, AI, and 5G, threats have grown in intelligence and speed, in addition to a rise in the number of assaults and data leaks. Let’s take a glance at 10 of the worst data breaches observed throughout the world so far this year.

 

#1. Facebook, Instagram & LinkedIn
Another data breach on social media. This time, Socialarks, a Chinese social media management firm, experienced a data breach through an unprotected database, exposing the account information and personal information of at least 214 million people on social media. Many high-profile celebs and social media influencers were among the 400GB of personal data leaked.

Users’ names, mobile numbers, email accounts, profile links, logins, profile pictures, profile detail, follower and interaction logistics, location, messaging ID, website URL, job specification, LinkedIn profile URL, linked social media account user account names, and company name are among the data exposed by each platform.

 

#2. Volkswagen & Audi
In June, a 3rd party marketing services provider revealed the PII of 3.3 million Volkswagen and Audi consumers in the United States and Canada.

Names, postal addresses, email accounts, mobile numbers, and information regarding automobiles purchased, leased, or enquired about, containing vehicle reference numbers, makes, types, years, colors, and trim packages, were among the most exposed data. More personal information, including driver’s licence numbers and a limited number of dates of birth, social welfare or social insurance information, account or loan figures, and tax id numbers, was exposed for 90,000 people in the United States.

 

#3. Android
Android was victimized by enemies in the month of May. Due to numerous configuration errors of cloud services, security experts revealed that the personal information of over 100 million people on the mobile platform had been exposed.

The information was discovered in 23 apps’ unsecured real-time databases, with download numbers ranging from 10,000 to 10 million. The finding indicated that some Android developers do not adhere to fundamental security standards when it comes to limiting access to the app’s data.

 

#4. Microsoft
Microsoft said on March 2nd that it had been the target of a state-sponsored cyber-attack by the Chinese hacker organization Hafnium. More than 30,000 organizations in the United States were impacted by the assault, including local governments and federal agencies.

This is the eighth time a government-led cyber-attack has targeted civic groups and companies. According to Microsoft, the organization “mainly targets companies in the United States for the goal of exfiltrating data from a large number of industries,” was revealed last year.

 

#5. LinkedIn
LinkedIn was hit with a government investigation in June when data on 700 million of its members was scraped and shared online.

Before it was revealed by news site Privacy Sharks, who notified LinkedIn after confirming a sample of 1 million records, a member on database trading marketplace RaidForums put the data ready to sell.

“This was not a LinkedIn unauthorized access, and our review has found that no private LinkedIn user data was revealed,” LinkedIn said in a statement.

But this isn’t the first time something like this has happened. In April, data from 500 million LinkedIn members were exposed, despite the social media giant claiming that all of the information was available publicly and the result of scraping bots.

 

#6. Mimecast
A Mimecast document used to verify the cloud-based email marketing service’s Sync and Recover, Endurance Monitor, and Internal Email Protect (IEP) products to Office365 Exchange online services was hacked by a skilled cybercriminal at the beginning of the year.

According to the firm, Microsoft notified it of the intrusion, and about 10% of its clients utilized the exposed connection before being prompted to reinstall a newly issued license.

 

#7. Pixlr
A hacker also stole a database comprising 1.9-million-member records from Pixlr, a free web photo-editing program, in January.

The database was taken around the same time as another stock picture site, 123RF, was hacked, exposing over 83-million-member records. Email addresses, names, password hashes, user nationality, and newsletter subscription information are among the details that have been stolen.

 

#8. Reverb
After being dumped into the dark web in April, a database including the personal information of over 5.6 million members of the mainstream music instruments web marketplace Reverb was found.

Real names, email accounts, geographical addresses, contact information, order count, PayPal account emails, and IP addresses were all included in the database. After the data was found by a researcher and the discovery publicized on Twitter, Reverb customers started getting data breach alerts saying that user information had been compromised.

 

#9. Accellion
Accellion, a supplier of file transfer and collaboration tools, released four fixes in January to address weaknesses used by malicious attackers to attack clients via their File Transfer Appliance service. Unfortunately, ransomware organization Clop and financial crime group FIN11 leveraged the vulnerabilities before 17 consumers could apply the patch, gaining access to client data. The US Department of Health and Human Services, as well as the University of California, were among the clients that were affected.

This happened a month after Accellion identified a zero-day weakness in the same service and published a patch to remedy it.

 

#10. MeetMindful
MeetMindful’s internet dating service was compromised in January, and a 1.2GB file containing personally identifiable information (PII) from 2.28 million members was released on a well-known hacker site. According to the company’s research, the incident only impacted customers who established or modified their accounts before March 2020.

Names, email accounts, geographical information, dating interests, marital status, dates of birth, IP addresses, Bcrypt-hashed password hashes, Facebook usernames and passwords, and Facebook login tokens were among the information stolen.

 

Conclusion
Data breaches are a question of when, not if, as is frequently the case. Staying one point ahead of attackers requires ensuring the security of your consumer data. Businesses must safeguard user information and safeguard company data to avert social media data breaches. Along with improving employee awareness and updating rules on a regular basis, effective training and technology may help decrease the probability of a data breach.