Data breaches have always been a major roadblock for companies facing cyber disasters. Due to technological advancements, security flaws are developing in existing servers that store sensitive data, making them vulnerable to cyberattacks. The problem is that they can ruin companies when they occur at their peak.
Data breaches can compromise financial information, such as credit card numbers, bank account numbers, health information, proprietary information, or any other sensitive information that affects large numbers of users. Due to this, small and large businesses continue to face serious security threats.
A company’s and a country’s economy could be seriously affected if appropriate, time-bound security fixes are not deployed. The following is a quick look at the 6 biggest breaches of 2021.
6 Biggest Breaches Of 2021
According to IBM Global studies, an incident costs a company an average of $4.24 million. According to the Identity Theft Resource Center’s 2021 Data Breach Report, 1,862 data breaches occurred in 2018, exceeding the 1108 breaches from 2020 and the 1,506 breaches from 2017. In addition, a recent survey found that the number of reported data breaches increased by 68 percent last year.
According to 2021 cyber security stats, Facebook, LinkedIn, and Instagram are the most affected by data breaches. The following list of the most significant drastic data breaches in 2021.
In a low-level hacker forum, over 533 million Facebook users’ personal information from different nations was made available for free. The breach occurred in April 2021. Personal information, including complete names, addresses, contact information, dates of birth, and other background information of Facebook users, including Facebook CEO Mark Zuckerberg, was included in the leaked material.
As reported by Business Insider, the leak was caused by the contact importer vulnerability. As soon as Facebook was hacked in 2019, it was reported that it had been fixed. Facebook claims that hackers did not infiltrate its system with computer viruses, which would compromise security measures, but instead gathered information.
The hackers have used the leaked data to commit a range of online scams, including targeted advertising, malware, fake phone calls, and email fraud. Possibly, attackers mimic users and conduct financial transactions without their knowledge or consent.
Microsoft Exchange
In March 2021, a Microsoft Exchange data breach negatively impacted over 250,000 servers from various organizations.
The attack was caused by a remote code execution (RCE) vulnerability that was actually pre-authenticated (no password required).
The attack’s origins can be traced back to weaknesses discovered earlier this year during a hacking competition. Microsoft Exchange’s pre-authenticated RCE vulnerability (on-premise version, not Office 365) was created by combining three ProxyShell exploits, according to sources.
Furthermore, the attackers installed backdoors on vulnerable servers after their successful exploitation.
The situation was disastrous because Microsoft Exchange is used in public and private organizations worldwide to manage daily mail accounts.
Parler
After Amazon Web Services deleted the platform from its servers, information about the conservative social networking app Parler having its data scraped by a hacker became public on January 11, 2021.
Ninety-nine percent of the 70TB of leaked material had EXIF metadata, including the date, time, and location information. Furthermore, users who had uploaded their driver’s license or another form of official photo identification to prove their identity had their identities disclosed to third parties.
Over 700 million, or 92 percent of LinkedIn users, had their personal information found for sale on a dark web platform in May 2021. The hackers gathered user information, including gender, LinkedIn usernames, personal details, and phone numbers. Also, home addresses, demographic data, personal and professional experience/background, other social media details, and profile URLs were included in the leaked data.
Reports state that the hacker used API scraping to carry out the attack.
Further, LinkedIn denies this and stated:
“We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from several websites and companies. It includes publicly viewable member profile data that appears to have been scraped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.”
Acer
In October 2021, Acer confirmed that millions of users were affected by a data breach caused by the hacker group Desorden. 60 GB of files and databases from the firms were compromised, including customer and organizational information, banking information, and financial data.
An Acer spokesperson was quoted by Hindustan Times as saying:
“We have recently detected an isolated attack on our local after-sales service system in India. Upon detection, we immediately started our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India,”
Pixlr
An online photo-editing tool called Pixlr, which is free to use, leaked user data of 1.9 million people on 20 January 2021 when its database was hacked. The 123RF attack at that time exposed over 83 million user records.
Among the sensitive information that was hacked are email addresses, usernames, hashed passwords, the country an individual is from, and whether or not they have subscribed to the newsletter.
Conclusion
Data breaches are on the rise due to the development of technology and industry. Several years’ worth of data on breaches at Wikipedia indicates that insecure configurations or a confluence of smaller vulnerabilities can lead to openings that attackers can use to carry out malevolent operations that threaten the entire company.