Press release

Top 5 worst data breaches of 2021

12-30-2021 03:32 PM CET | IT, New Media & Software

Press release from: NordLayer

By the end of this September, the number of publicly reported breaches had already exceeded the 2020 total by 17%, according to the Identity Theft Resource Center. This year, businesses big and small were affected by data breaches, leaving them grappling with reputational and fiscal losses.

Below are 5 of the worst data leaks of 2021.

#1 SocialArks (January)

400GB of data containing 318 million records of 214 million users across Facebook, Instagram, and LinkedIn social media platforms - that's the cost of an unprotected database of SocialArks, a social media management company in China.

Among the data leaked were personal and business email addresses, names, profile links, mobile numbers, locations, job roles, URLs of the social media profiles, company names, account names, and more.

The threat actors gained access via a misconfigured ElasticSearch database. In reality, they didn't have to work hard for it - the breached server was exposed to the internet unprotected by usernames or passwords.

#2 Android (May)

Data of more than 100 million Android users were exposed due to misconfigured cloud services this May.

Cybersecurity researchers revealed that a total of 23 apps were using unsecured real-time databases, leaving their users exposed. The affected apps were downloaded anywhere from 10,000 to 10 million times.

The exposed data consisted of the users’ names, dates of birth, email addresses, genders, photos, phone numbers, even passwords and payment details. The sensitive information was public in 13 of the 23 affected apps.

“In cases like this, it is nearly impossible to determine the exact scope of the leaks,” said Juta Gurinaviciute, Chief Technology Officer at NordLayer. “Unfortunately, it is not uncommon for app developers to treat fundamental security standards while integrating third-party cloud services into their applications as an afterthought. In reality, these things are of utmost importance, and failure to do so can lead to devastating circumstances - both for developers and users.”

#3 LinkedIn (April and June)

Data scraped from hundreds of millions of LinkedIn users appeared on sale twice this year.

At first - in April - an offer to buy data of 500 million LinkedIn users appeared on the dark web. Later, in June, another database went on sale. This time, it consisted of the information of about 700 million LinkedIn users. At the time, this affected around 92% of the professional social network’s user base.

The database included full names, email addresses, physical addresses, phone numbers, LinkedIn usernames and URLs, professional backgrounds, and more.

Although LinkedIn wasn’t technically breached, the scraped data could be used for several malicious purposes and is just as dangerous. The data was allegedly scraped by exploiting LinkedIn’s API.

#4 Audi & Volkswagen (June)

A breach of an unnamed marketing service provider for the German automakers Audi and Volkswagen led to personally identifiable information of 3.3 million customers in Canada and the United States being taken. The data, regrettably, was taken from an unsecured file.

At least 90,000 of the affected people had their particularly sensitive information leaked - including but not limited to tax ID numbers and account figures.

Among the data leaked, there were names, driver’s license numbers, social insurance information, dates of birth, loan numbers, emails, addresses, phone numbers, vehicle reference numbers, and other information regarding the vehicles consumers bought or inquired about, such as colors, types, and years.

“For global market leaders like Audi and Volkswagen, the cost of such incidents can get very steep,” said the NordLayer CTO. “Other businesses should learn from incidents like this and make sure every third-party service provider they are partnering with has secure information management processes in place. In the current cybersecurity climate, it is not enough to protect your databases - third-party vendors must be vetted thoroughly.”

#5 Twitch (October)

The U.S.-based video game streaming platform suffered a data breach this October.

During the breach, more than 100 gigabytes of data was leaked, including the entirety of Twitch’s source code; software development kits used by Twitch; streamers’ revenue reports; information on other Twitch holdings; information on Vapor from Amazon Game Studios, an unreleased competitor to gaming platform Steam; and console, mobile, and desktop Twitch clients, among other data.

Twitch claimed that “the incident was a result of a server configuration change that allowed improper access by an unauthorized third party.”

Luckily for the company and its users, no passwords, login credentials, credit card numbers, or bank information were exposed.

Corporate security challenges

According to IBM's annual Cost of a Data Breach Report, compromised credentials and phishing were the most common breach causes in 2021.

"People, not software or network architecture, remain the weakest link in cybersecurity," added the NordLayer expert. "This is exactly why legacy, perimeter defense-oriented security systems are being replaced by Zero Trust security, in which every user in the network can only access resources essential to their task. In the Zero Trust paradigm, even if threat actors manage to gain access via phishing or stolen credentials, their opportunities are limited."

The aforementioned report supports the supremacy of Zero Trust security with numbers. A data breach for organizations with fully deployed Zero Trust costs $3.28 million on average, compared to $5.04 million for those not using the security model.

More information: laurynas.cesnys@nordsec.com

NordLayer is an adaptive network access security solution for modern businesses — formerly NordVPN Teams; NordLayer helps organizations of all sizes to fulfill scaling and integration challenges when building a modern secure remote access solution. Moving towards an ever-evolving SASE framework, NordLayer's solutions are quick and easy to implement with existing infrastructure, hardware-free, and designed with ease of scale in mind. NordLayer meets the varying growth pace and ad-hoc cybersecurity requirements of agile businesses and distributed workforces today. More information: www.nordlayer.com

This release was published on openPR.
