Almost 6 billion accounts affected in data breaches in 2021
The year 2021 was record-breaking in terms of the sheer size of data breaches. According to the data collected and analyzed by the Atlas VPN team, 5.9 billion accounts were affected by data breaches throughout 2021.
Compilation of many Breaches (COMB) alone exposed personal information related to 3.2 billion online accounts, making it the biggest data leak of all-time.
Atlas VPN has retrieved and calculated the numbers of breached accounts based on multiple publicly available sources. The report includes worldwide data breaches that took place from January 1st, 2021, to December 31st, 2021.
Overview of 2021 statistics
The very first quarter of 2021 was the most successful for hackers. In total, 4 billion accounts were breached in Q1 2021. In Q2, the number of accounts affected by data leaks dropped 65% to 1.4 billion. Meanwhile, the second half of the year saw significantly fewer account breaches. Overall, 357 million and 93 million accounts were affected by data leaks in Q3 and Q4.
The most affected platforms
Let's take a closer look at the top five most significant data leaks behind the majority of affected accounts in 2021. According to our report, more than 5 billion personal records were exposed in Q1 of 2021.
February saw the biggest data breach of all time — COMB, or in other words, the Compilation of Many Breaches, which is responsible for the leak of a whopping 3.2 billion unique cleartext email and password combinations.
The breach was named this way because it is not a result of a single hack of a specific organization but rather combines leaked data from a number of different breaches spanning five years, including Netflix, LinkedIn, and others. The breached data was first offered for sale on RaidForums, an underground database sharing and marketplace forum, for just $2 in February.
LinkedIn user data was again exposed in another massive data dump in June. Records of 700 million users, which made up around 93% of LinkedIn's entire user database, were offered for sale on the dark web. The leaked data includes user email addresses, full names, phone numbers, physical addresses, geolocation records, genders, personal and professional experience, and more.
LinkedIn emphasized that the data dump was not a result of an actual data breach but rather a data scraping event. Still, data scraping was possible due to flaws with LinkedIn's own API. In April, the company also faced a similar incident when data from 500 million users was posted online. However, the company claims the user information shared in both incidents is the same.
In addition to LinkedIn, Facebook also experienced an information leak in 2021 due to scraping. In April, the personal information of 533 million Facebook users from 106 countries was published on a hacking forum. The leaked information includes phone numbers, full names, locations, email addresses, and users' biographical information. Facebook claims the data leak is a result of an old vulnerability that was patched in 2019.
The fourth place on the list is occupied by another record-breaking leak that exposed data of 220 million Brazilians, including those already deceased. The leak of this scale is the biggest in Brazilian history. In January, the breached data was discovered on a dark web forum and contained names, unique tax identifiers, facial images, addresses, phone numbers, email, credit score, salary, and other information.
Next up is SocialArks, a Chinese social media agency, which suffered a data breach in January. The data leak stemmed from cloud misconfiguration that exposed over 400 GB of personal information from approximately 214 million Facebook, Instagram, and LinkedIn users, including names, country of residence, contact information, the position of work, subscriber data, and profile links.
Final notes
It is important to note that the total amount of accounts affected by data leaks in 2021 is likely much higher as many breaches have not been disclosed and the impact of some breaches remains unknown.
In 2020, Atlas VPN reported 300 million individuals from the US that had fallen victim to data leaks in 2020.
Check out Atlas VPN Data Breach Monitor to find out whether your information has been exposed in a data breach.
