When you thought the world couldn’t get any more hectic, 2021 came into the picture holding hands with its enemy – hackers. Flashback to 2020’s first quarter of the year, hackers managed to steal 8.4 billion records. Fast forward to today, and already 1.3 trillion users have been affected by data leaks in the first 4 months of the year.
Keep reading to get the full scoop of recent data breaches in 2021, including VPN providers, a charity organization, and even a dating site. Cue!
Facebook, 533 million users – April 3, 2021
Data stolen: phone numbers, Facebook IDs, full names, locations, birthdates, bios, and – in some cases – email addresses.
Taking the main stage is Mr. Zuckerberg’s creation. The world’s most populous social network supports almost 1,8 billion daily active users. That means they have a lot on their plate – which is the perfect meal for hackers. This time they stole data from 533 million users via a vulnerability (a.k.a. weak point in the company’s infrastructure) that was “fixed” back in 2019. These hackers took hacking a company to a whole ‘nother level.
Linkedin, 500 million users – April 6, 2021
Data stolen: full names, email addresses, phone numbers, workplace information, and other work-related data.
500 million hopeful users were targeted by the hacker group, also known as the Golden Chickens. Due to the surge in employment-seeking individuals during the pandemic, the Golden Chickens mainly went for professionals in the healthcare technology industry.
As cocky hackers do, they posted job offers on Linkedin containing a sophisticated backdoor Trojan virus. They did this by sneaking in a malware called “more_eggs” to attachments in their job offers. Once individuals opened these attachments, the virus was automatically installed, giving the Golden Chickens remote control over a user’s computer.
Sociallarks, over 200 million users – January 2021
Data stolen: names, phone numbers, email addresses, profile descriptions, follower and engagement data, locations, LinkedIn profile links, connected social media account login names.
What do you get when you cross web-scraping and this Chinese data-management firm? Apart from a confused person, you get a poorly secured database, resulting in a data breach.
Hackers exposed 200 million users’ profiles, including celebrity ones, in this leak. Additionally, researchers from Safety Detectives found that the way this company gathered data went against rules on platforms like Facebook, Instagram, and others. So, who’s really at fault?
ParkMobile, 21 million users – April 16, 2021
Data stolen: customer email addresses, date of birth, phone numbers, license plate numbers, hashed passwords, and mailing addresses.
Nobody likes getting parking tickets. Let alone paying the price for a data breach – not literally, but still. Hackers mercilessly stole data from 21 million users via a “vulnerability in third-party apps employed by them [ParkMobile].”
The company claimed that “no sensitive data or Payment Card Information, which we encrypt, was affected.” Luckily, passwords were blurred using a resource-intensive and expensive-to-crack algorithm called bcrypt. Users were assured that the company takes extra steps to either keep all sensitive information safe or not ask for it in the first place. Phew!
Super VPN, 20 million users – March 2021
Data stolen: email addresses, usernames, full names, country names, randomly generated password strings, payment-related data, premium member status and its expiration date.
SuperVPN is the #1 most downloaded VPN in the Android space. Yes, it’s a VPN company, and yes, it got hacked – for the second time. Almost 20M users lost their data this time around, and apparently, the VPN service has been logging sensitive device information. Oof, so much for privacy and security… So, the next time someone tells you off for paying for a VPN service, show them this story.
Reverb, 5.6 million users – April 24, 2021
Data stolen: customers’ names, addresses, phone numbers, and email addresses.
The online marketplace for new, used, and vintage music gear recently had its database exposed for a short period of time. This was found by the researcher, Bob Diachenko, who was able to identify it and immediately notify the company. By the time this information was confirmed, the “site had already secured the database.” Diachenko did not know who was managing that database and Reverb didn’t comment on it either.
Out of the 5.6 million users affected, celebrity sellers like a member from Black Sabbath, Nine Inch Nails, Smashing Pumpkins, and others were exposed.
MeetMindful, 2.28 million users – January 24, 2021
Data stolen: real names, email addresses, city, state, and ZIP details, body details, dating preferences, marital status, birth dates, latitude and longitude, IP addresses, bcrypt-hashed account passwords, Facebook user IDs, Facebook authentication tokens
“The more, the merrier” isn’t true for everyone when dating, except these hackers. Let’s just say they’re as well-known as Brad Pitt but in the cyber world. Anyway, one person wasn’t enough for ShinyHunters, so they chose to take information from 2.28M users instead and post it for free on a hacker forum. Neither MeetMindful nor ShinyHunters responded when asked to comment about the data breach. It seems like their hunting time has come to an end…
Pixlr, 1.9 million users – January 20, 2021
Data stolen: email addresses, login names, SHA-512 hashed passwords, a user’s country, whether they signed up for the newsletter, and other internal information.
Earlier this year, the photo editing platform Pixlr also became the victim of a (not Facebook-massive) massive data breach. Unfortunately, just a dating site didn’t satisfy the hungry ShinyHunters. In this data breach, they managed to steal information from almost 1.9M users. Then they uploaded it for free on a forum for others to download and use. For the curious ones, the leaked data looks a little something like this.
Bonobos, 1.86 million users – January 22, 2021
Data stolen: customers’ addresses, phone numbers, partial credit card numbers (last four digits), order information, password histories, 70 GB SQL file containing various internal tables used by the Bonobos website.
You’d think someone goes to a men’s clothing store for, well, men’s clothes, right? But, not these fashionista hackers. After taking data from a dating site and picture editing app, ShinyHunters made their way to this clothing store (I think they’ve got the whole dating thing going on backward). This time they stole 70 GB of the store’s database, backup data from the cloud, and posted 1.86M users’ data for free on forums.
So, when I say they’re notorious, I mean it. In just a couple of months, they managed to target three major companies and probably won’t stop there…
Ticketcounter, 1.85 million users – March 1, 2021
Data stolen: full names, email addresses, phone numbers, IP addresses, and hashed passwords.
Winning the lottery isn’t as exciting as stealing data from 1.85 million Ticketcounter users. At least not for this hacker. He managed to steal data from this Dutch e-ticketing platform and had the nerve to ask for compensation.
The hacker mentioned being okay with that because they had “no fear of law enforcement.” Though Ticketcounter did inform its users and partners of the leak to prevent further damage, the angry hacker posted all the stolen data on free forums after not receiving his 7 bitcoins.
Oxfam Australia, 1.7 million users – March 2, 2021
Data stolen: unique email addresses, names, phone numbers, physical addresses, genders, and dates of birth, in a few cases partial credit card data, donation histories may have also been exposed.
What’s worse than stealing candy from a child? Nothing, that’s terrible, you shouldn’t do it. But stealing from a charity is a close second. Working towards creating a world without poverty or inequality is exactly what Oxfam charity does best. Unfortunately, that didn’t stop a conscious-less hacker from stealing their database. As a result, 1.7M donors got their personal information leaked, and in some cases, even partial credit card numbers were exposed.
Clubhouse, 1.3 million users – April 10, 2021
Data stolen: user ID, name, photo URL, username, Twitter handle, Instagram handle, number of followers, number of people followed by the user, account creation date, invited by user profile name.
Last but not least is the tasty leak from the app that had everyone searching for an invite just to listen to strangers conversing about something! Jokes aside, 1.3M user records were leaked on a popular hacker forum for free. Here’s where it gets interesting: the app claims that the data is available to the public anyway, so the leak was “misleading and false.”
How you can protect your accounts from being hacked
Protecting your information is super important and, at the same time, very easy. All you have to do is make sure to:
- Use strong and unique passwords for every account.
- Change your passwords regularly (every 3-4 months).
- Keep all passwords safe in a password manager.
- Always use 2FA (two-factor authentication).
- Double-check attachments/links sent via email or DM.
- Check the sender/message when receiving any urgent requests.
- BONUS: Check for any breached accounts via the Surfshark Alert tool.
I can hear you now: “So what if hackers have my information from data leaks? It’s not like I have anything to hide or something.” The point isn’t if you do or don’t have anything to hide. It’s the fact that hackers (especially skilled ones) can end up figuring out what other services you use with the same credentials.
For example, if your online banking uses an email that was previously leaked, a hacker can use it to find out other login details for different accounts (social media, email, etc.). Then you might face the horrors of identity theft, fraud, financial theft, and lots more.
While you can’t prevent a hacker from doing cyber attacks, you can educate yourself more on how to keep personal info safe, watch out for phishing scams, and more in our blog. No matter what, it’s best to play it safe from the very beginning and avoid this game of cat and mouse with heartless hackers.