5.9 Billion Accounts Targeted In Data Breaches Last Year

Atlas VPN's report will be concerning for businesses and individuals alike, with personal data being leaked at record rates.
Aaron Drapkin

Almost six billion accounts had their credentials compromised during data breaches over the last year, according to a report released last week by Atlas VPN. 

The record-breaking year of breaches reinforces the need for both businesses and individuals to make use of password managers and other security provisions to secure login information and other account credentials. 

2021: The Year of the Breach

According to Atlas VPN, who authored the report, the first quarter of 2021 was one of the most successful periods for hackers on record, with over 4 billion accounts breached. 

This is largely due to the ‘compilation of many breaches (COMB)’ – thought to be the biggest data breach of all time – which saw 3.2 billion “unique cleartext email and password combinations” leaked at the same time. 

Data courtesy of Atlas VPN

The following quarter saw another 1.42 billion accounts leaked. Q3 and Q4, on the other hand, were comparatively quiet, featuring 357 million and 93 million account breaches respectively. 

Surfshark, another VPN provider, produced a report on Data Breaches in December 2021. They found that US citizens were the most likely people to be victims of data breaches on the planet. In total, 212.4M users affected were affected in 2021, a 22% increase from 2020.

Lots of Leaks, but Few Sources 

A large proportion of the leaked information comes from just a handful of sites and organizations, with over 1.6  billion of the leaked accounts coming from just four sources. 

Huge reams of Facebook user data were also leaked on a hacking forum last year, relating to over half a billion users

Information relating to almost all LinkedIn accounts – 93% to be exact – was leaked on the dark web in June. Details included email addresses, full names, phone numbers, geolocation records, career information, and other data linked to around 700 million users. 

Brazil’s health ministry was another culprit. Data relating to around 220 million Brazilians – some of who had passed away – was up for sale on the dark web. 

This includes, according to Atlas VPN, “names, unique tax identifiers, facial images, addresses, phone numbers, email, credit score, salary, and other information.”

Along with COMB, in Q1, personal information from “approximately 214 million Facebook, Instagram, and LinkedIn users” was leaked in a data breach of SocialArks, a Chinese social media agency. The breach consisted of around 400GB of personal and private data. 

What is the COMB?

The ‘Compilation of Many Breaches’ still stands as the single biggest dump of stolen personal information made publicly available. It was released on a popular online forum frequented by hackers by a single individual, accessible for just $2. 

Released in February 2021, 3.2 billion unique usernames and passwords were included in the compilation. It was built on a breach compilation of 1.4 billion records along with others from previous breaches. 

Although still serious, some fellow hackers complained that the release was anti-climactic, dubbing much of the data ‘low quality’. Other sources report that many of the files were corrupted. 

Protect Yourself – Because no one Else Will

Atlas VPN points out, quite rightly, that the 5.9 billion figure is likely a lot lower than the actual figure. A lot of data breaches go unreported, and with others that are, sometimes it’s not possible to know the full scale of a breach. 

Regularly changing your password and using a password manager to manage your account credentials are two steps you can take to ensure that, even if other data about you is posted online (e.g. a username or phone number), it’ll be difficult for someone to actually access your social media or other personal accounts. 

Businesses must take similar steps to protect both employee information as well as any information they hold on customers and clients – IBM estimated in its 2021 “Cost of a Data Breach” report that the average data breach now costs businesses around $4 million.

You can find out if your data has been exposed using Atlas VPN’s Data Breach Monitor, as well as using websites like haveibeenpwned.com, which will crawl publicly available databases of breached accounts looking for your email addresses and phone numbers. 

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Aaron Drapkin is a Senior Writer at Tech.co. He has been researching and writing about technology, politics, and society in print and online publications since graduating with a Philosophy degree from the University of Bristol three years ago. As a writer, Aaron takes a special interest in VPNs and project management software. He has been quoted in the Daily Mirror, Daily Express, The Daily Mail, Computer Weekly, and the Silicon Republic speaking on various privacy and cybersecurity issues, and has articles published in Wired, Vice, Metro, The Week, and Politics.co.uk covering a wide range of topics.

Explore More See all news
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals