With this new project I am tracking the biggest data breaches of 2021, extracted from my cyber attack timelines, in an interactive chart that lets you pinch and zoom the data in the chart area.
The size of each bubble (and its value on the Y-axis) measures the extent of the data breach. To make the chart more readable, the scale for both values is logarithmic. The balloon text on each bubble provides additional data about the breach, and the details are also available in the summary table after the chart.
Needless to say, the data is available from public sources such as blogs and news sites. Please support my work by sharing the content, and of course follow @paulsparrows on Twitter and LinkedIn for the latest updates.
| ID | Date Reported | Date Occurred | Date Discovered | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link | Tags |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| | 30/03/2021 | - | During February 2021 | ? | MobiKwik | Private information of nearly 100 million users of the Indian mobile payments startup MobiKwik is leaked on the dark web. | Misconfiguration | K Financial and insurance activities | CC | US | | MobiKwik |
| | 25/03/2021 | - | 25/03/2021 | ? | RDC | RDC, a Dutch company that provides garage and maintenance services to Dutch car owners, confirms a data breach after the personal and vehicle details of 7.5 million Dutch car owners are posted for sale on a well-known cybercrime forum. | Unknown | N Administrative and support service activities | CC | NL | | RDC |
| | 25/03/2021 | - | 26/01/2021 | ? | Astoria Company LLC | 30M records from Astoria Company LLC, a lead generation company, are leaked on the dark web. | Misconfiguration | N Administrative and support service activities | CC | US | | Astoria Company LLC |
| | 22/03/2021 | During 2020 | - | ? | Elector Software Ltd | Hackers expose online the personal details of 6.5 million Israeli voters, allegedly stolen from the Elector app, less than 24 hours before the country goes to the polls in the fourth election in the last two years. | Unknown | M Professional scientific and technical activities | H | IL | | Elector Software Ltd |
| | 04/03/2021 | - | 24/02/2021 | ? | SITA | Passenger data from multiple airlines around the world is compromised after hackers breached servers belonging to SITA. | Unknown | M Professional scientific and technical activities | CC | CH | | SITA |
| | 04/03/2021 | - | - | ? | Adecco Group | A user on a popular hacking forum purportedly sells the stolen credentials from 6 South American countries for the Swiss-based Adecco Group. | Misconfiguration | N Administrative and support service activities | CC | >1 | | Adecco Group |
| | 01/03/2021 | During August 2020 | 21/02/2021 | ? | Ticketcounter | Ticketcounter suffers a data breach after a user database containing 1.9 million unique email addresses is stolen from an unsecured staging server. | Misconfiguration | R Arts entertainment and recreation | CC | NL | | Ticketcounter |
| | 27/02/2021 | - | Last week of February 2021 | ? | Zee5 | Zee5, an Indian OTT platform with over 150 million users, has a part of its userbase's data (9 million records) leaked (again). | Unknown | J Information and communication | CC | IN | | Zee5 |
| | 26/02/2021 | - | - | ? | SuperVPN, GeckoVPN, ChatVPN | The data of 21 million users from 3 popular Android VPNs is leaked on a forum. | Misconfiguration | M Professional scientific and technical activities | CC | PK | | SuperVPN, GeckoVPN, ChatVPN |
| | 20/02/2021 | 14/02/2021 | 18/02/2021 | ? | Cashalo | Fintech platform Cashalo is hit with a data breach and the data of 3.3 million users is on sale on the dark web. | Unknown | V Fintech | CC | PH | | Cashalo |
| | 19/02/2021 | - | - | ? | 1.4 million French Twitter users | The data of 1.4 million French Twitter users is on sale in the underground market. | Unknown | X Individual | CC | FR | | Twitter |
| | 11/02/2021 | - | - | ? | Vivo, Claro | Brazil's National Data Protection Authority (ANPD) starts an investigation into the exposure of data relating to more than 102 million mobile phone lines from two mobile operators, Vivo (57,2 million) and Claro (45,6 million). | Unknown | J Information and communication | CC | BR | | ANPD, Vivo, Claro |
| | 11/02/2021 | - | 06/02/2021 | ? | 10 million Malaysian voters | Personal data of 10 million Malaysian voters is leaked online. | Unknown | Z Unknown | CC | MY | | Malaysia |
| | 03/02/2021 | 21/01/2021 | 31/01/2021 | ? | EscortReviews.com | EscortReviews.com, an online community promoting female escorts and reviews of their services, suffers a data breach after a hacker downloaded the site's database. | vBulletin vulnerability | R Arts entertainment and recreation | CC | US | | EscortReviews.com, vBulletin |
| | 03/02/2021 | - | 26/01/2021 | ? | Oxfam Australia | Oxfam Australia investigates a suspected data breach after a threat actor claimed to be selling their database on a hacker forum. | Unknown | U Activities of extraterritorial organizations and bodies | CC | AU | | Oxfam Australia |
| | 02/02/2021 | - | - | Singularity0x01 | Multiple targets | About 3.27 billion stolen account logins are posted to the RaidForums English-language cybercrime community in a 'COMB' collection. | >1 | Y Multiple Industries | CC | >1 | | COMB |
| | 02/02/2021 | | | Red Rabbit Team | Airtel | A hacker group dubbed 'Red Rabbit Team' leaks the personal details of 2.5 million Airtel customers. | Unknown | J Information and communication | CC | IN | | Airtel |
| | 01/02/2021 | - | 19/12/2020 | ? | DriveSure | Over three million customers of DriveSure, a US car company, have had their details compromised after a cyber-criminal posted them to a dark web forum. | Unknown | N Administrative and support service activities | CC | US | | DriveSure |
| | 31/01/2021 | - | - | ? | Raychat | Raychat, a popular Iranian business and social messenger, exposes its entire database (267M+ accounts with names, emails, passwords, metadata, encrypted chats, etc.), which is then destroyed by a bot attack. | Misconfiguration | S Other service activities | CC | IR | | Raychat |
| | 29/01/2021 | Between November 2013 and 09/12/2020 | 09/12/2020 | ? | Florida Healthy Kids Corporation | Florida Healthy Kids Corporation posts a notice about an incident in their website attributed to Jelly Bean Communications Design. | Unknown | Q Human health and social work activities | CC | US | | Florida Healthy Kids Corporation |
| | 29/01/2021 | Late December 2020 | 25/01/2021 | ? | Washington's State Auditor office | Washington's State Auditor Office suffers a data breach that exposes the personal information in 1.6 million employment claims after a threat actor exploited a vulnerability in a secure file transfer service from Accellion. | Vulnerability | O Public administration and defence, compulsory social security | | | | |
| | | | | | | ShinyHunters leaks the details of more than 2.28 million users registered on MeetMindful.com. | Cloud misconfiguration | S Other service activities | CC | US | | ShinyHunters, MeetMindful |
| | 23/01/2021 | - | - | ? | Undisclosed French Travel Agency | An undisclosed French travel agency has its data leaked. 1.4 million records are exposed. | Unknown | R Arts entertainment and recreation | CC | FR | | Undisclosed French Travel Agency |
| | 22/01/2021 | - | - | ? | Santander Mexico | A database belonging to Santander Mexico is put on sale on an underground market. 1 million records are leaked. | Unknown | K Financial and insurance activities | CC | MX | | Santander |
| | 22/01/2021 | - | - | ? | BBVA Mexico | A database belonging to BBVA Mexico is put on sale on an underground market. 3 million records are leaked. | Unknown | K Financial and insurance activities | CC | MX | | BBVA |
| | 22/01/2021 | - | - | ? | IMSS | A database belonging to IMSS, a Mexican marketing firm, is put on sale on an underground market. 42 million records are leaked. | Unknown | M Professional scientific and technical activities | CC | MX | | IMSS |
| | 22/01/2021 | - | - | ? | Serasa | The personal information of 220 million users in Brazil, belonging to Serasa (an Experian company), is leaked on the dark web. | Unknown | K Financial and insurance activities | CC | BR | | Serasa |
| | 22/01/2021 | - | 20/01/2021 | ShinyHunters | Bonobos | Bonobos men's clothing store suffers a massive data breach exposing millions of customers' personal information after a 70GB cloud backup of their database is downloaded and shared. | Cloud misconfiguration | G Wholesale and retail trade | CC | US | | Bonobos, ShinyHunters |
| | 22/01/2021 | - | 14/01/2021 | ? | MyFreeCams | A hacker is selling a database with login details for two million high-paying users of the MyFreeCams adult video streaming and chat service. | SQLi | R Arts entertainment and recreation | CC | US | | MyFreeCams |
| | 20/01/2021 | - | 21/10/2020 | ? | Nitro PDF | A stolen database containing the email addresses, names, and passwords of more than 77 million records of Nitro PDF service users was leaked today for free. | Unknown | M Professional scientific and technical activities | CC | US | | Nitro PDF |
| | 20/01/2021 | - | - | ShinyHunters | Pixlr | ShinyHunters shares a database that he claims was stolen from Pixlr while he breached the 123rf stock photo site. Pixlr and 123rf are both owned by the same company, Inmagine. | Cloud misconfiguration | S Other service activities | CC | US | | ShinyHunters, Pixlr, 123rf, Inmagine |
| | 18/01/2021 | - | - | ? | Capital Economics | Researchers from Cyble discover a leak of 500K+ records of C-level people from Capital Economics on a Russian-speaking forum. | SQLi | M Professional scientific and technical activities | CC | US | | Capital Economics, Cyble |
| | 15/01/2021 | Between 10/10/2020 and 9/11/2020 | 20/11/2020 | ? | Hendrick Health System | Hendrick Health System notifies patients that some identifying information may have been compromised during a network security breach apparently due to a ransomware attack. 640,000 individuals are potentially affected. | Unknown | Q Human health and social work activities | CC | US | | Hendrick Health System |
| | 14/01/2021 | - | 18/8/2020 | ? | Juspay | The data of 35 million users from Juspay goes on sale on the dark web. | Cloud misconfiguration | K Financial and insurance activities | CC | IN | | Juspay |
| | 14/01/2021 | During 2020 | - | ? | Facebook | A threat actor publishes the phone numbers and account details for an estimated 533 million Facebook users, about a fifth of the entire social network's user pool, on a publicly accessible cybercrime forum. | Unknown | J Information and communication | CC | US | | Facebook |
| | 11/01/2021 | During November 2020 | - | ALTDOS | 3BB | ALTDOS claims to have acquired 8 million records from 3BB, a broadband service provider in Thailand. | Unknown | J Information and communication | CC | TH | | ALTDOS, 3BB |
| | 10/01/2021 | - | - | ? | French individuals | 5 million records (usernames and passwords) of French users are on sale on a black market. | Unknown | X Individual | CC | FR | | France |
| | 10/01/2021 | - | - | ? | Vidéotron | A threat actor claims to have leaked about 1 million records stolen from the Canadian telco company Vidéotron. | Account Takeover | J Information and communication | CC | FR | | Vidéotron |
| | 04/01/2021 | During 2020 | During 2020 | Multiple threat actors | Multiple game companies | Research from Kela finds nearly 1 million compromised accounts pertaining to gaming clients and employees on the dark web, with 50% of them offered for sale. | Unknown | R Arts entertainment and recreation | CC | >1 | | Kela |
| | 03/01/2021 | - | End of December 2020 | ? | 200 million records of Chinese citizens | Researchers from Cyble discover a trove of more than 200 million records of Chinese citizens for sale on the dark web. The alleged leaks could be related to Gongan County, Weibo, and QQ. | | | | | | |
Hi Paolo! This is impressive to a beginner like me.
I would like to know if you used any automated tools for data collection or did you compile them by hand.
For the moment the process is manual, but I have some plans for the future…
Hi Paolo, Indeed very good work. Thanks for all the effort you put in and sharing the data! I am quoting and referencing your work.
Could you please confirm that you are using ISO2A country code?
Thanks Sandhya. Yes I use the ISO2A country code, but there might be some corrections (for example I use UK instead of GB).
Uhm, interesting. It’s sad all this happened in just three months. Those are too many breaches. Security is still too weak, or malicious hackers are too strong. That’s not good.
Hi Paolo,
thanks for this article!
One mistake, the link (follow @paulsparrows on Twitter…) to your Twitter profile is incorrect! 😉
Andrea,
thanks for letting me know!
Hi Paolo! Really great work on these data! I’m sure I will use your dynamic chart in my next presentations, obviously providing the source. Have a nice day!
Thanks Franco! Glad you appreciate my work, and most importantly find it useful… You will need a large slide, I predict a large chart…