Like every year, 2021 also saw some major cybersecurity breaches and data leaks that exposed the personal information of millions of people online. In addition, the pandemic made many companies go online, and this gave an opportunity to hackers to get more creative and use sophisticated tools to carry out their work.
Let’s take a look at a few major cybersecurity breaches of 2021:
Facebook user data breach
In April 2021, media outlet Business Insider reported that a user in a hacking forum published the personal data of millions of Facebook users. Alon Gal, co-founder and CTO of cybercrime intelligence company Hudson Rock, discovered this first which exposed personal data of more than 533 million Facebook users from different countries with 6 million users from India. It included phone numbers, Facebook IDs, full names, locations, birthdates, and email addresses. The media report also talked about how a Facebook spokesperson said that the data had been scraped due to a vulnerability that the social media giant had patched in 2019.
This was not the first time Facebook had suffered data breaches. Even in 2019, millions of users’ phone numbers were scraped from Facebook’s servers in violation of its terms of service.
The data connected to 700 million LinkedIn users was posted on a dark web platform for sale in June 2021. By exploiting the API, the hackers “scraped” the data. The type of data stolen was email addresses, full names, phone numbers, LinkedIn usernames, personal and professional experience, and other social media accounts they held.
LinkedIn, in a statement, said that it was not a data breach and no private LinkedIn member data was exposed. The initial investigation revealed that data was scraped from LinkedIn and other websites. It included the same data reported earlier this year in the April 2021 scraping update.
This breach happened when four zero-day exploits were discovered in on-premises Microsoft Exchange Servers. It gave attackers full access to user emails and passwords on affected servers and administrator privileges on the server. They installed a backdoor that lets the attacker get entry to impacted servers even if the server is later updated to no longer be vulnerable to the original exploits. Over 250,000 servers have fallen victim to the data breach as of 9th March 2021.
In August 2021, IT giant Accenture confirmed that LockBit ransomware operators stole data from its systems during an attack that impacted the company’s systems. The LockBit ransomware team claimed to have stolen six terabytes of data from Accenture’s network. They demanded a $50 million ransom.
In October 2021, Acer confirmed that its servers were breached by a group of hackers called Desorden. They managed to steal over 60 gigabytes worth of data that contained sensitive information about millions of Acer’s customers like names, phone numbers of clients, and corporate financial data. The hack was reported by the hackers themselves and was later confirmed to be true by Acer.
In January 2021, a database of 1.9 million user records belonging to online photo-editor Pixlr was dumped on a dark web hacker forum by a notorious hacker by the name ShinyHunters. Data like usernames, email addresses, country, and passwords were exposed.
T-Mobile in August said that a US data breach had hit more than 40 million T-Mobile customers; the company has admitted and blamed it on a highly sophisticated cyberattack. It also said though personal information was stolen, no financial details were leaked. The world got to know about the breach after reports came out that criminals were attempting to sell a large database containing T-Mobile customer data online.