Three major social media platforms – Facebook, LinkedIn, and Clubhouse – were responsible for exposing the Personally Identifiable Information (PII) of over 1 billion individuals. Two in 10 social media users have fallen victim to a security-related incident, so it is critical to update account passwords to new (i.e., never used before), hard-to-crack ones and to add an extra layer of protection with two-factor authentication on these accounts in order to defend against credential stuffing and account takeover fraud.
The insurance industry is also being targeted – read more about the latest threat to websites used for new policy quote generation. Download Sontiq’s Cyber Advisory Alert.
Here are the recent data breaches that made headlines in April 2021:
The personal data of 533 million Facebook users from 106 countries has been posted online for free in a low-level hacking forum. The data was scraped through a vulnerability that the company patched in 2019, and includes users’ phone numbers, full names, locations, email addresses, and biographical information.
Over 500 million LinkedIn user profiles were discovered on the Dark Web. The hackers shared two million of these LinkedIn records for only $2 total to prove the legitimacy of the information in the stolen data. The LinkedIn account users’ data was scraped or imported from the website into a database, and includes names, LinkedIn account IDs, email addresses, phone numbers, gender, LinkedIn profile links, connected social media profile links, professional titles, and other work-related personal data.
A database containing 1.3 million scraped Clubhouse user records was leaked for free on a popular hacker forum. The leaked database from the audio chat social network includes user ID, name, photo URL, username, Twitter handle, Instagram handle, number of followers, number of people followed by the user, and account creation date – all of which the company claims is public information.
A third-party software vulnerability is responsible for exposing 21 million customer records belonging to ParkMobile, a contactless payment parking app. The stolen data includes email addresses, phone numbers, license plate numbers, hashed passwords and mailing addresses.
The auto insurance company Government Employees Insurance Company, known as GEICO, filed a data breach notice announcing that information gathered from other sources was used to “obtain unauthorized access to your driver’s license number through the online sales system on our website.” The total number of insured drivers affected has not been disclosed, but the hackers had access between January 21 and March 1. Driver’s licenses contain Personally Identifiable Information (PII) such as name, address and date of birth.
A database containing the personal details of over 5.6 million users of Reverb, the popular online marketplace for musical instruments, was discovered after it was leaked onto the Dark Web. The database contained full names, email addresses, postal addresses, phone numbers, listing/order count, PayPal account email, IP address, and more.