Press release
Top 5 worst data breaches of 2021
By the end of this September, the total number of publicly reported breaches in 2020 was already exceeded by 17%, according to the Identity Theft Resource Center. This year, businesses big and small were affected by data breaches, leaving them grappling with reputational and fiscal losses.Below are the 5 of the worst data leaks of 2021.
#1 SocialArks (January)
400GB of data containing 318 million records of 214 million users across Facebook, Instagram, and LinkedIn social media platforms - that's the cost of an unprotected database of SocialArks, a social media management company in China.
Among the data leaked were personal and business email addresses, names, profile links, mobile numbers, locations, job roles, URLs of the social media profiles, company names, account names, and more.
The threat actors gained access via a misconfigured ElasticSearch database. In reality, they didn't have to work hard for it - the breached server was exposed to the internet unprotected by usernames or passwords.
#2 Android (May)
Data of more than 100 million Android users were exposed due to misconfigured cloud services this May.
Cybersecurity researchers unveiled that a total of 23 apps were using unsecured real-time databases, leaving their users exposed. The affected apps were downloaded anywhere from 10.000 to 10 million times.
The exposed data consisted of the users’ names, dates of birth, email addresses, genders, photos, phone numbers, even passwords and payments details. The sensitive information was public in 13 of the 23 affected apps.
“In cases like this, it is nearly impossible to determine the exact scope of the leaks,” said Juta Gurinaviciute, Chief Technology Officer at NordLayer. “Unfortunately, it is not uncommon for app developers to treat fundamental security standards while integrating third-party cloud services into their applications as an afterthought. In reality, these things are of utmost importance, and failure to do so can lead to devastating circumstances - both for developers and users.”
#3 LinkedIn (April and June)
Data scraped from hundreds of millions of LinkedIn users appeared on sale twice this year.
At first - in April - an offer to buy data of 500 million LinkedIn users appeared on the dark web. Later, in June, another database went on sale. This time, it consisted of the information of about 700 million LinkedIn’s users. At the time, this affected around 92% of the professional social network’s user base.
The database included full names, email addresses, physical addresses, phone numbers, LinkedIn usernames and URLs, professional backgrounds, and more.
Although LinkedIn wasn’t technically breached, the scraped data could be used for several malignant purposes and is as dangerous. The data was allegedly scraped by exploiting Linkedin’s API.
#4 Audi & Volkswagen (June)
A breach of an unnamed marketing service provider for the German automakers Audi and Volkswagen led to personally identifiable information of 3.3 million customers in Canada and the United States being taken. The data, regrettably, was taken from an unsecured file.
At least 90,000 of the affected people had their particularly sensitive information leaked - including but not limited to tax id numbers and account figures.
Among the data leaked, there were names, driver’s license numbers, social insurance information, dates of birth, loan numbers, emails, addresses, phone numbers, vehicle reference numbers, and other information regarding the vehicles consumers bought or inquired about, such as colors, types, and years.
“For global market leaders like Audi and Volkswagen, the cost of such incidents can get very steep,” said the NordLayer CTO. “Other businesses should learn from incidents like this and make sure every third-party service provider they are partnering with has secure information management processes in place. In the current cybersecurity climate, it is not enough to protect your databases - third-party vendors must be vetted thoroughly.”
#5 Twitch (October)
The U.S.-based video game streaming platform has suffered a data breach this October.
During the breach, more than 100 gigabytes of data was leaked, including the entirety of Twitch’s source code, software development kits used by Twitch, streamers’ revenue reports, information on other Twitch holdings, information on Vapor from Amazon Game Studios, an unreleased competitor to gaming platform Steam, console, mobile, and desktop Twitch clients, among other data.
Twitch claimed that “the incident was a result of a server configuration change that allowed improper access by an unauthorized third party.”
Luckily for the company and its users, no passwords, login credentials, credit card numbers, or bank information have been exposed.
Corporate security challenges
According to IBM's annual Cost of a Data Breach Report, compromised credentials and phishing were the most common breach causes in 2021.
"People, not software or network architecture, remain the weakest link in cybersecurity," added the NordLayer expert. "This is exactly why legacy, perimeter defense-oriented security systems are being replaced by Zero Trust security, in which every user in the network can only access resources essential to their task. In the Zero Trust paradigm, even if threat actors manage to gain access via phishing or stolen credentials, their opportunities are limited."
The aforementioned report supports the supremacy of Zero Trust security with numbers. A data breach for organizations with fully deployed Zero Trust costs $3.28 million on average, compared to $5.04 million for those not using the security model.
More information: laurynas.cesnys@nordsec.com
NordLayer is an adaptive network access security solution for modern businesses — formerly NordVPN Teams; NordLayer helps organizations of all sizes to fulfill scaling and integration challenges when building a modern secure remote access solution. Moving towards an ever-evolving SASE framework, NordLayer's solutions are quick and easy to implement with existing infrastructure, hardware-free, and designed with ease of scale in mind. NordLayer meets the varying growth pace and ad-hoc cybersecurity requirements of agile businesses and distributed workforces today. More information: www.nordlayer.com
This release was published on openPR.
Permanent link to this press release:
Copy
Please set a link in the press area of your homepage to this press release on openPR. openPR disclaims liability for any content contained in this release.
You can edit or delete your press release Top 5 worst data breaches of 2021 here
News-ID: 2514313 • Views: …
More Releases from NordLayer

New research found a 76% surge in dark web activity during the holiday season
New research from NordLayer, a multi-level network security solution for businesses, found the dark web to reach its peak during the most celebrated holidays of the year. Data shows that the number of illicit posts on various dark web forums has increased by 76% during November, December, and January when compared to the summer months.
According to Andrius Buinovskis, a cybersecurity expert at NordLayer, the dark web's peak activity during the…
More Releases for LinkedIn
Introducing "LinkedIn Marketing School": The Definitive Guide to Mastering Linke …
LOS ANGELES - Aug. 8, 2023 - Today, Market-Connections Professional Resume Writing Services is thrilled to announce the launch of "LinkedIn Marketing School," a groundbreaking eBook that unveils the secrets to harnessing the power of LinkedIn for unparalleled business growth.
LinkedIn has emerged as the go-to platform for professionals, and with "LinkedIn Marketing School," individuals and businesses can now tap into its full potential. This comprehensive guide offers a step-by-step roadmap…
LeadCRM Continues to Update LinkedIn Integration Features
LeadCRM continues to update their LinkedIn to CRM integration tool, now with integrations with more CRM tools and upcoming email finder integrations, LeadCRM is aiming to help the marketing and sales team with these new features.
LeadCRM announced the availability to connect HubSpot with LinkedIn and connect Salesforce CRM with LinkedIn feature in their current version of the Google Chrome Extension. With the LeadCRM's browser extension, users can use one-click operation…
How to delete your LinkedIn account?
How to delete LinkedIn account? Step By Step
Do you want to delete your LinkedIn account? Have you come across an old account that isn't active anymore? Do you wish to close your current account and create a new one? You'll learn how to do it with the help of this guide. For a variety of reasons, you may desire to delete your LinkedIn account. LinkedIn is different, while most social…
The Solution to the LinkedIn Hashtags Dilemma
Linkedin is the leading platform for professionals to connect with others in their industry and make connections, providing them with opportunities to meet new people, find jobs, and make partnerships. However, not everyone can live up to Linkedin's standards, even for things like hashtags - a term used on social networks as an identifying tag.
On average, millions of users on Linkedin spend up to 15 minutes searching for the perfect…
New Linkedin TeraNet PPM Showcase
We have published a new showcase in linkedin (https://www.linkedin.com/showcase/teranet-ppm-gestione-progetti-e-attivita/) related to all the features offered by the TeraNet PPM Project Management Sytem software (https://www.t-ppm.it/features-ppm-software-gestione-progetti)
WBS, teams and contacts, milestones, kanban & chat, team activity planner, calendar and activities, personal productivity, meeting management, activity monitoring and approval WF, dashboard projects, documents, help desk, active and passive invoices, APIs, single sign-on ... some of the features that are described in the new showcase
TeraNet…
LinkedIn Reports Earnings
Social media website LinkedIn reported company earnings on August 4. LinkedIn is a social networking site which is more like the professional version of Facebook. LinkedIn was created with professionals in mind and is the world’s largest professional network with over 120 million professionals.
The site allows professionals to post resumes, provide current information on contacts and industry, manage their professional identity on the internet as well as pair…