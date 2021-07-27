Top 8 Recent Privacy Breaches Analyzed: Full names, Emails and Phone Numbers Stolen Most Often

July 2021 by Surfshark

Privacy protection company Surfshark analyzed 5.3 billion data points from the most significant breaches of the past year, including Facebook, Wattpad and Raychat, and uncovered how they differ in scale, density and which types of personal information were leaked the most. The research shows that a striking 530 million records were emails while 25% of the breaches included phone numbers. Overall, 1 billion users were affected throughout all 8 breaches.

Key takeaways:

Most commonly breached data points (10% of total records each): emails, phone numbers, first and last names, gender.

Parkmobile.us, SuperVPN, GeckoVPN, ChatVPN, Pixlr.com, and Raychat.io were among the most sensitive data breaches, as close to 100% of users lost their emails and passwords hashes.

25% of examined breaches had leaked phone numbers.

Password hashes got leaked in 7 out of 8 breaches (in all cases except Facebook’s).

Both LinkedIn scrapes in April and July 2021 affected 500 million users each.

The past year has seen eight major security leaks from big company names, resulting in 5.3 billion data points leaked and 1 billion users affected. The three most extensive data sets belonged to Facebook (533 million users), Wattpad (270 million users) and Raychat (150 million users). Although Facebook had the biggest amount and highest variance of data points, Wattpad’s data breach had the densest loss (6 data points per user).

Moreover, Surfshark’s analysis revealed that out of all mentioned breaches, 25% had leaked phone numbers, posing a possibility for them to be used in vishing (phone scam) attacks. Especially when the leaks that included telephone numbers had other sensitive information, such as full name, city information, gender as well as date of birth.

"Sharing a person’s full name, email address, and phone number publicly is often perceived as a harmless act. However, once this data is breached or scraped, criminals can use it in various illegal schemes, such as phishing emails, fake bank calls, and even identity theft," – points out Vytautas Kaziukonis, Chief Executive Officer of cybersecurity company Surfshark.

Current news circulating around Pegasus spyware phone hijackings once again proved how phone numbers, if fallen into the wrong hands, can be used to hack victims instantly. And as phishing attacks continue to rise over the recent years, major data leaks can serve as convenient information databases for automated attacks on thousands of users.

Even though half of the analyzed data sets were given away to the public for free, one the most sensitive data sets of 2020 (ParkMobile, which included users’ full names, phone numbers and emails) was worth 125,00 USD for the data of 21 million users. However, in other cases, hackers made money from the data that was not even breached but scraped – as is evident in the recent April and July’s Linkedin scraping incidents, which affected 500 million users each.

According to the study, data scraping raises deep concerns, even though it does not involve hacking techniques. For example, in all 8 data breaches combined, physical addresses made up only 0.002% compared to a whopping 8.92% on April’s Linkedin data scrape alone. With various scraping tools available online, the safety of the data that people publish online lies in the hands of users themselves.