The Biggest Data Breaches of 2021

Twitter

Facebook

Tumblr

Buffer

Last Updated on April 8, 2021

Follow @paulsparrows

With this new project I am going to track the biggest data breaches of 2021 extracted from my cyber attack timelines, into an interactive graph with the ability to pinch and zoom the data in the chart area.

The size of the bubble (and the value of the Y-axis) measures the extension of the data breach. In order to make the chart more readable, the scale for both values is logarithmic. The balloon text on each bubble provides additional data about the breach, whose details are also available in the summary table after the chart.

No need to repeat that the data is available from public sources such as blogs and news sites, and please support my work, sharing the content, and of course follow @paulsparrows on Twitter and LinkedIn for the latest updates.

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
	30/03/3021	-	During February 2021	?	MobiKwik	Private information of nearly 100 million users of the Indian mobile payments startup MobiKwik is leaked in the dark web	Misconfiguration	K Financial and insurance activities	CC	US		MobiKwik
	25/03/2021	-	25/03/2021	?	RDC	RDC, a Dutch company that provides garage and maintenance services to Dutch car owners, confirms a data breach after the personal and vehicle details of 7.5 millions of Dutch car owners are posted for sale on a well-known cybercrime forum.	Unknown	N Administrative and support service activities	CC	NL		RDC
	25/03/2021	-	26/01/2021	?	Astoria Company LLC	30M records from Astoria Company LLC, a Lead Generation company are leaked in the Darkweb.	Misconfiguration	N Administrative and support service activities	CC	US		Astoria Company LLC
	22/03/2021	During 2020	-	?	Elector Software Ltd	Hackers expose online personal details of 6.5 million Israeli voters, less than 24 hours before the country goes to the polls in the fourth election in the last two years, allegedly stolen from the Elector app.	Unknown	M Professional scientific and technical activities	H	IL		Elector Software Ltd
	04/03/2021	-	24/02/2021	?	SITA	Passenger data from multiple airlines around the world is compromised after hackers breached servers belonging to SITA.	Unknown	M Professional scientific and technical activities	CC	CH		SITA
	04/03/2021	-	-	?	Adecco Group	A user on a popular hacking forum purportedly sells the stolen credentials from 6 South American countries for the Swiss-based Adecco Group.	Misconfiguration	N Administrative and support service activities	CC	>1		Adecco Group
	01/03/2021	During August 2020	21/02/2021	?	Ticketcounter	Ticketcounter suffers a data breach after a user database containing 1.9 million unique email addresses is stolen from an unsecured staging server.	Misconfiguration	R Arts entertainment and recreation	CC	NL		Ticketcounter
	27/02/2021	-	Last week of February 2021	?	Zee5	Zee5, an Indian OTT platform with over 150 million users has a part of its userbase’s data (9 million records) leaked (again.)	Unknown	J Information and communication	CC	IN		Zee5
	26/02/2021	-	-	?	SuperVPN, GeckoVPN, ChatVPN	The data of 21 million users from 3 popular Android VPNs are leaked on a forum.	Misconfiguration	M Professional scientific and technical activities	CC	PK		SuperVPN, GeckoVPN, ChatVPN
	20/02/2021	14/02/2021	18/02/2021	?	Cashalo	Fintech platform Cashalo is hit with a data breach and the data of 3.3 million users are on sale in the dark web.	Unknown	V Fintech	CC	PH		Cashalo
	19/02/2021	-	-	?	1.4 million French Twitter users	The data of 1.4 million French Twitter users are on sale in the underground market.	Unknown	X Individual	CC	FR		Twitter
	11/02/2021	-	-	?	Vivo, Claro	Brazil's National Data Protection Authority (ANPD) starts an investigation for the exposure of data relating to more than 102 million mobile phone lines from two mobile operators, Vivo (57,2 million)and Claro (45,6 million).	Unknown	J Information and communication	CC	BR		ANPD, Vivo, Claro
	11/02/2021	-	06/02/2021	?	0 million Malaysian voters	Personal data of 10 million Malaysian voters is leaked online.	Unknown	Z Unknown	CC	MY		Malaysia
	03/02/2021	21/01/2021	31/01/2021	?	EscortReviews.com	EscortReviews.com, an online community promoting female escorts and reviews of their services suffers a data breach after a hacker downloaded the site's database.	vBulletin vulnerability	R Arts entertainment and recreation	CC	US		EscortReviews.com, vBulletin
	03/02/2021	-	26/01/2021	?	Oxfam Australia	Oxfam Australia investigates a suspected data breach after a threat actor claimed to be selling their database on a hacker forum.	Unknown	U Activities of extraterritorial organizations and bodies	CC	AU		Oxfam Australia
	02/02/2021	-	-	Singularity0x01	Multiple targets	About 3.27 billion stolen account logins are posted to the RaidForums English-language cybercrime community in a ‘COMB’ collection.	>1	Y Multiple Industries	CC	>1		COMB
	02/02/2021			Red Rabbit Team	Airtel	A hacker group, dubbed 'Red Rabbit Team' leaks the personal details of 2.5 million Airtel customers.	Unknown	J Information and communication	CC	IN		Airtel
	01/02/2021	-	19/12/2020	?	DriveSure	Over three million customers of DriveSure, a US car company have had their details compromised after a cyber-criminal posted them to a dark web forum	Unknown	N Administrative and support service activities	CC	US		DriveSure
	31/01/2021	-	-	?	Raychat	Raychat, a popular Iranian business and social messenger, exposes its entire database (267M+ accounts w/ names, emails, passwords, metadata, encrypted chats etc.), which is then destroyed by a bot attack.	Misconfiguration	S Other service activities	CC	IR		Raychat
	29/01/2021	Between November 2013 and 09/12/2020	09/12/2020	?	Florida Healthy Kids Corporation	Florida Healthy Kids Corporation posts a notice about an incident in their website attributed to Jelly Bean Communications Design	Unknown	Q Human health and social work activities	CC	US		Florida Healthy Kids Corporation
	29/01/2021	Late December 2020	25/01/2021	?	Washington's State Auditor office	Washington's State Auditor Office suffers a data breach that exposes the personal information in 1.6 million employment claims after a threat actor exploited a vulnerability in a secure file transfer service from Accellion.	Vulnerability	O Public administration and defence, compulsory social security	CC	US		Washington's State Auditor Office, Accellion
	29/01/2021	-	29/1/2021	?	Bihar Police Subordinate Services Commission (BPSSC)	Researchers from CloudSEK discover a post on a well-known database sharing forum advertising the PII of 500,000 Indian citizens.	Unknown	O Public administration and defence, compulsory social security	CC	IN		Bihar Police Subordinate Services Commission, BPSSC
	24/01/2021	-	-	ShinyHunters	MeetMindful	ShinyHunters leaks the details of more than 2.28 million users registered on MeetMindful.com.	Cloud misconfiguration	S Other service activities	CC	US		ShinyHunters, MeetMindful
	23/01/2021	-	-	?	Undisclosed French Travel Agency	An undisclosed French travel agency has its data leaked. 1.4 million records are exposed.	Unknown	R Arts entertainment and recreation	CC	FR		Undisclosed French Travel Agency
	22/01/2021	-	-	?	Santander Mexico	A database belonging to Santander Mexico is put on sale on an underground market. 1 million records are leaked.	Unknown	K Financial and insurance activities	CC	MX		Santander
	22/01/2021	-	-	?	BBVA Mexico	A database belonging to BBVA Mexico is put on sale on an underground market. 3 million records are leaked.	Unknown	K Financial and insurance activities	CC	MX		BBVA
	22/01/2021	-	-	?	IMSS	A database belonging to IMSS, a Mexican marketing firm, is put on sale on an underground market. 42 million records are leaked.	Unknown	M Professional scientific and technical activities	CC	MX		IMSS
	22/01/2021	-	-	?	Serasa	The personal information of 220 million users in Brazil, belonging to Serasa (an Experian company) is leaked in the dark web.	Unknown	K Financial and insurance activities	CC	BR		Serasa
	22/01/2021	-	20/01/2021	ShinyHunters	Bonobos	Bonobos men's clothing store suffers a massive data breach exposing millions of customers' personal information after a 70GB cloud backup of their database is downloaded and shared.	Cloud misconfiguration	G Wholesale and retail trade	CC	US		Bonobos, ShinyHunters
	22/01/2021	-	14/01/2021	?	MyFreeCams	A hacker is selling a database with login details for two million high-paying users of the MyFreeCams adult video streaming and chat service.	SQLi	R Arts entertainment and recreation	CC	US		MyFreeCams
	20/01/2021	-	21/10/2020	?	Nitro PDF	A stolen database containing the email addresses, names, and passwords of more than 77 million records of Nitro PDF service users was leaked today for free.	Unknown	M Professional scientific and technical activities	CC	US		Nitro PDF
	20/01/2021	-	-	ShinyHunters	Pixlr	ShinyHunters share a database that he claims was stolen from Pixlr while he breached the 123rf stock photo site. Pixlr and 123rf are both owned by the same company, Inmagine.	Cloud misconfiguration	S Other service activities	CC	US		ShinyHunters, Pixlr, 123rf, Inmagine
	18/01/2021	-	-	?	Capital Economics	Researchers from Cyble discover a leak of 500K+ records of C-level people from Capital Economics on a Russian-speaking forum.	SQLi	M Professional scientific and technical activities	CC	US		Capital Economics, Cyble
	15/01/2021	Between 10/10/2020 and 9/11/2020	20/11/2020	?	Hendrick Health System	Hendrick Health System notifies patients that some identifying information may have been compromised during a network security breach apparently due to a ransomware attack. 640,000 individuals are potentially affected.	Unknown	Q Human health and social work activities	CC	US		Hendrick Health System
	14/01/2021	-	18/8/2020	?	Juspay	The data of 35 million users from Juspay goes on sales in the dark web	Cloud misconfiguration	K Financial and insurance activities	CC	IN		Juspay
	14/01/2021	During 2020	-	?	Facebook	A threat actor publishes the phone numbers and account details for an estimated 533 million Facebook users —about a fifth of the entire social network’s user pool— on a publicly accessible cybercrime forum.	Unknown	J Information and communication	CC	US		Facebook
	11/01/2021	During November 2020	-	ALTDOS	3BB	ALTDOS claims to have acquired 8 million records from 3BB a broadband service provider in Thailand.	Unknown	J Information and communication	CC	TH		ALTDOS, 3BB
	10/01/2021	-	-	?	French individuals	5 million records (usernames and passwords) of French users are on sale on a black market.	Unknown	X Individual	CC	FR		France
	10/01/2021	-	-	?	Vidéotron	A threat actor claims to have leaked about 1 million records stoken by the Canadian telco company Vidèotron	Account Takeover	J Information and communication	CC	FR		Vidéotron
	04/01/2021	During 2020	During 2020	Multiple threat actors	Multiple game companies	A research from Kela reveals finds nearly 1 million compromised accounts pertaining to gaming clients and employees in the dark web, with 50% of them offered for sale.	Unknown	R Arts entertainment and recreation	CC	>1		Kela
	03/01/2021	-	End of December 2020	?	200 million records of Chinese citizens	Researchers from Cyble discover a trove of more than 200 million records of Chinese citizens for sale on the dark web. The alleged leaks could be related to Gongan County, Weibo, and QQ.	Unknown	Y Multiple Industries	CC	CN		Cyble, Gongan County, Weibo, QQ
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

Popular Posts

Related Posts

This Post Has 10 Comments

Leave a Reply Cancel reply