A massive 530 million of the most significant breaches during the past year were emails, while 25% of the breaches included phone numbers.
Privacy protection company Surfshark analyzed 5,3-billion data points from the most significant breaches of the past year, including Facebook, Wattpad and Raychat, and uncovered how they differ in scale, density and which types of personal information were leaked the most.
The past year has seen eight major security leaks from big company names, resulting in 5,3-billion data points leaked and 1 billion users affected. The three most extensive data sets belonged to Facebook (533-million users), Wattpad (270-million users) and Raychat (150-million users). Although Facebook had the biggest amount and highest variance of data points, Wattpad’s data breach had the densest loss (six data points per user).
Overall, 1-billion users were affected throughout all eight breaches.
The most commonly breached data points (10% of total records each): emails, phone numbers, first and last names, gender.
Parkmobile.us, SuperVPN, GeckoVPN, ChatVPN, Pixlr.com, and Raychat.io were among the most sensitive data breaches, as close to 100% of users lost their emails and passwords hashes.
A significant 25% of examined breaches had leaked phone numbers; password hashes got leaked in seven out of eight breaches (in all cases except Facebook’s); and both LinkedIn scrapes in April and July 2021 affected 500-million users each.
“Sharing a person’s full name, email address, and phone number publicly is often perceived as a harmless act,” says Vytautas Kaziukonis, CEO of Surfshark. “However, once this data is breached or scraped, criminals can use it in various illegal schemes, such as phishing emails, fake bank calls, and even identity theft.”
Even though half of the analyzed data sets were given away to the public for free, one the most sensitive data sets of 2020 – ParkMobile, which included users’ full names, phone numbers and emails – was worth $125.00 for the data of 21-million users. However, in other cases, hackers made money from the data that was not even breached but scraped – as is evident in the recent April and July’s Linkedin scraping incidents, which affected 500-million users each.
According to the study, data scraping raises deep concerns, even though it does not involve hacking techniques. For example, in all eight data breaches combined, physical addresses made up only 0,002% compared to a whopping 8,92% on April’s Linkedin data scrape alone. With various scraping tools available online, the safety of the data that people publish online lies in the hands of users themselves.