Number of records leaked: 5 Billion
Amazon-owned streaming service Twitch confirmed it suffered a huge data breach this week. A “human error” committed when configuring a server created an exploitable vulnerability that led to reams of confidential information being leaked online.
The breach makes Twitch – which employs over 5,000 people – the latest large business to fall victim to cybercrime this year; approximately 5 billion private business records were leaked from businesses between January and June of 2021 alone.
2. Pandora Papers
Number of documents leaked: 11.9 million
In 2019, an unknown source began submitting massive amounts of documents to the Washington-based International Consortium of Investigative Journalists.
The files showed a global cast of fugitives, criminals, celebrities, football players, and others, as well as secret assets, clandestine agreements, and hidden riches of the super-rich, including judges, tax authorities, intelligence chiefs, and mayors. It had the offshore banking dealings of several current and past leaders of state, as well as more than 130 billionaires.
3. Astoria Company
Number Of Individuals Impacted: 30 Million
Night Lion Security’s threat intelligence team became aware in January of several new breached databases being sold on the dark web. 10 million Astoria customers had their Social Security numbers, bank accounts, and driver’s license numbers exposed. In addition, more than 10 million Astoria customers had information from other fields exposed in the breach such as credit history, medical data, home, and vehicle information.
The leaked Astoria data also contained email transaction logs showing sensitive user information being transferred, unencrypted, via email.
Number Of Individuals Impacted: 21 Million
ParkMobile became aware of a cybersecurity incident in March linked to a vulnerability in a third-party software that the company uses. The company immediately launched an investigation, and found that basic user information – license plate numbers, email addresses, phone numbers, and vehicle nicknames – was accessed. In a small percentage of cases, mailing addresses were also accessed.
The company additionally found that encrypted passwords were accessed, but not the encryption keys required to read them. ParkMobile said it protects user passwords by encrypting them with advanced hashing and salting technologies.
Number Of Individuals Impacted: 15.7 Million
ClearVoice learned in April that an unauthorized user had posted a database online containing profile information of survey participants from August and September 2015 and was offering information to the public for purchase. The accessible data included contact information, passwords, and responses to questions users answered about health condition, political affiliation, and ethnicity.
The data sets could be misused by bad actors, resulting in survey participants getting contacted for purposes such as advertising. In addition, the accessible information might be used to prepare personal profiles, which could be used in a commercial or political context, according to ClearVoice.