Almost six billion accounts had their credentials compromised during data breaches over the last year, according to a report released last week by Atlas VPN.
The record-breaking year of breaches reinforces the need for both businesses and individuals to make use of password managers and other security provisions to secure login information and other account credentials.
2021: The Year of the Breach
According to Atlas VPN, which authored the report, the first quarter of 2021 was one of the most successful periods for hackers on record, with over 4 billion accounts breached.
This is largely due to the ‘compilation of many breaches (COMB)’ – thought to be the biggest data breach of all time – which saw 3.2 billion “unique cleartext email and password combinations” leaked at the same time.
Data courtesy of Atlas VPN
The following quarter saw another 1.42 billion accounts leaked. Q3 and Q4, on the other hand, were comparatively quiet, featuring 357 million and 93 million account breaches respectively.
Surfshark, another VPN provider, produced a report on data breaches in December 2021. It found that US citizens were the most likely people in the world to be victims of data breaches. In total, 212.4M users were affected in 2021, a 22% increase from 2020.
Lots of Leaks, but Few Sources
A large proportion of the leaked information comes from just a handful of sites and organizations, with over 1.6 billion of the leaked accounts coming from just four sources.
Huge reams of Facebook user data were also leaked on a hacking forum last year, relating to over half a billion users.
Information relating to almost all LinkedIn accounts – 93% to be exact – was leaked on the dark web in June. Details included email addresses, full names, phone numbers, geolocation records, career information, and other data linked to around 700 million users.
Brazil’s health ministry was another culprit. Data relating to around 220 million Brazilians – some of whom had passed away – was up for sale on the dark web.
This includes, according to Atlas VPN, “names, unique tax identifiers, facial images, addresses, phone numbers, email, credit score, salary, and other information.”
Along with COMB, in Q1, personal information from “approximately 214 million Facebook, Instagram, and LinkedIn users” was leaked in a data breach of SocialArks, a Chinese social media agency. The breach consisted of around 400GB of personal and private data.
What is the COMB?
The ‘Compilation of Many Breaches’ still stands as the single biggest dump of stolen personal information made publicly available. It was released by a single individual on a popular online forum frequented by hackers, where it was accessible for just $2.
The compilation, released in February 2021, included 3.2 billion unique usernames and passwords. It was built on a breach compilation of 1.4 billion records along with others from previous breaches.
Although the release was still serious, some fellow hackers complained that it was anti-climactic, dubbing much of the data ‘low quality’. Other sources report that many of the files were corrupted.
Protect Yourself – Because No One Else Will
Atlas VPN points out, quite rightly, that the 5.9 billion figure is likely a lot lower than the actual figure. A lot of data breaches go unreported, and even for those that are reported, it’s sometimes not possible to know the full scale of a breach.
Regularly changing your password and using a password manager to manage your account credentials are two steps you can take to ensure that, even if other data about you is posted online (e.g. a username or phone number), it’ll be difficult for someone to actually access your social media or other personal accounts.
Businesses must take similar steps to protect both employee information and any information they hold on customers and clients – IBM estimated in its 2021 “Cost of a Data Breach” report that the average data breach now costs businesses around $4 million.
You can find out if your data has been exposed using Atlas VPN’s Data Breach Monitor, as well as using websites like haveibeenpwned.com, which will crawl publicly available databases of breached accounts looking for your email addresses and phone numbers.