Because every business is now online, it generates far more data than it used to. Naturally, it needs to store this data somewhere. To manage the volume and availability of this data, it is stored digitally, most often in the cloud. That’s why data has become as valuable as actual money, both for the business owners and the hackers lying in wait. Here are the 7 worst data breaches of 2021, fuelled by the Covid-19 pandemic.
Social media scam
This data breach happened not at an industrial corporation but on social media. The dangers, as you can imagine, triple here, because almost everyone operating a smartphone now has at least 1 or 2 social media accounts. We pour our whole lives into social media. No matter the privacy settings we enable, the need to be on all the popular channels is itself provoked by an inherent compulsion to share the parts of our lives that we want to showcase.
Which is all good, until it becomes a treasure for hackers to steal.
Socialarks, a Chinese social media management firm, suffered a data breach, putting the account information and personal information of 214 million social media users at risk. The data breach happened because of a vulnerability in an unprotected database. The exposed data totalled 400GB, including names, phone numbers, emails, social media profiles, profile pictures, channel activity, and tagged locations. The job-related data people fill in on LinkedIn was also vulnerable.
This just goes to show how a data breach can sneak in through multiple cracks, and it is imperative that your online security covers all bases.
Volkswagen and Audi
In mid-2021, a third-party marketing service provider let slip the personally identifiable information of 3.3 million customers of the automobile companies Volkswagen and Audi. All of the victims of this data breach were in the USA and Canada.
The data points exposed in this case were a little different from those in the previous social media breach. Here, names, addresses, emails, phone numbers, and vehicle purchase and bookkeeping information were exposed. A few driver’s licence numbers, DOBs, social security numbers, and tax details were also leaked.
This data breach has far-reaching repercussions because Android apps have become a natural extension of smartphones. If there’s a data breach at the underlying platform itself, all users of the app will be victimized.
In the month of May, Android was heavily targeted by hackers. They were able to sneak past the security mechanisms due to several configuration errors in cloud services.
The personal information of over 100 million people was exposed.
The data was gathered from 23 apps’ vulnerable real-time databases. All these apps had garnered installations ranging from 10K to 10M users.
Later, it was also discovered that app developers deploying their apps on the Android Play Store do not follow the stringent security standards for handling user data.
If nothing else, let this data breach serve as a warning not to install apps without checking reviews and changelogs.
A hacker illegally accessed a database containing user data of 1.9 million users of Pixlr, a web-based photo-editing program.
This could’ve been part of a pattern because around the same time (January), another famous stock photography website, 123RF, was also breached.
Emails, names, credentials, and user nationality data were stolen.
Accellion is a company which offers file transfer and collaboration tools. Malicious attackers exploited vulnerabilities in their File Transfer Appliance service. The ransomware hacker group called Clop and the infamous FIN11 group victimized 17 users before Accellion detected the vulnerability and rapidly launched security patches. Important parties like the US Dept. of Health and Human Services and the University of California were among the victims.
This particular data breach stresses the true danger of zero-day attacks. The takeaway for you? Keep your applications updated!
This case easily qualifies to be included in this list of worst data breaches of 2021.
In April, Reverb, a popular musical instruments e-store, had its database breached, stolen, and put on the dark web! The personal information of 5.6 million Reverb users was exposed, including names, emails, geographical and IP addresses, PayPal details, and order counts.
A security researcher happened upon the data on the dark web, and publicized the data breach on Twitter. Then Reverb customers started getting alerts that their data had been compromised.
MeetMindful is an online dating service. In January 2021, MeetMindful’s data was breached and a 1.2GB file comprising the personal information of 2.28 million users was published to a hacker site. According to MeetMindful, only users who’d set up or updated their user accounts before March 2020 were victimized.
Such dating sites usually record very intimate and personal details of users, which go beyond just credentials and account details.
Having such private data exposed to strangers can lead to shame and harassment.
Who is responsible?
Typically, when such incidents happen, the security practices of the victims are questioned. But as has become evident from these cases, no matter how strict the security observed by these patrons, if the service providers themselves don’t follow proper precautions, they put not only their customers’ data but also their brand reputation on the line.
If you manage data for your customers, you are responsible for maintaining it securely. If you collect this data from your online presence, it is crucial you do a quick sanity check of your web apps to see if they’ve been compromised.
A website security assessment can help you understand what’s hiding under the hood of your website.