According to Surfshark’s analysis, India is the eighth most breached country globally since 2004, with a staggering 320.5 million leaked accounts. (File)
The breach translates to 132 accounts leaked per minute, up from six in Q4 2023, according to a report by global cybersecurity company Surfshark. The United States (US) saw 90 million accounts breached, and the United Kingdom (UK) 5.7 million in the same period
A total of 17.1 million online accounts were breached in India in the first quarter of 2024, translating to 132 per minute, up from six in Q4 2023, according to a report by global cybersecurity company Surfshark. The United States (US) saw 90 million accounts breached, and the United Kingdom (UK) 5.7 million in the same period.
According to Surfshark’s analysis, India is the eighth most breached country globally since 2004, with a staggering 320.5 million leaked accounts. The top seven countries are the US (3 billion), Russia (2.4 billion), China (1.1 billion), France (521.6 million), Germany (486.7 million), Brazil (354.2 million), and the UK (321.9 million).
The analysis highlights that of the 320.5 million compromised accounts, 88 million are unique email addresses. On average, each email address is leaked with 3.8 additional personal records, amounting to a total of 1.2 billion personal records exposed over the last two decades. Furthermore, 162 million passwords were leaked, along with these accounts, putting 50 per cent of breached users at risk of account takeover. This increases the potential for identity theft, extortion and other cybercrimes.
In the most recent quarter, India experienced 13.3 times more breaches than Bangladesh (1.3 million) and 4.1 times fewer breaches than China (70.6 million). Among the publicly known data breach incidents in India from January to March 2024 is the case of Cutout Pro, which is an AI-powered platform specializing in image and video editing, which caused a leak of 8.1 million emails.
According to separate reports, there was a significant data breach, which affected the Indian consumer wearable brand called Boat. It was said that the breach exposed the personal data of over 7.5 million users, exposing information such as names, addresses, phone numbers, email addresses and customer IDs.
Additionally, a cybersecurity company, CloudSEK, has confirmed a major data breach from an Indian mobile network database. According to reports, a threat actor, identified as ‘CyboDevil’, was selling a 1.8-terabyte database comprising 750 million people’s personal information on the dark web. The hacked data contained names, phone numbers, addresses and Aadhaar information, impacting about 85 per cent of the population.
Lina Survila, a spokesperson at Surfshark, emphasised the persistent threat of data breaches worldwide. “Surfshark’s extensive monitoring of data breach trends over the past two decades reveals an alarming digital reality: data leaks persist as an ongoing global threat. Since 2004, a staggering 17 billion user accounts have been leaked worldwide, with 400 million occurrences recorded at the start of this year,” Survila stated.
Of the 17 billion leaked user accounts globally, 38 per cent are unique email addresses. In total, 60.9 billion data points have been exposed (with 17.2 billion being email addresses). On an average, each email address is leaked with three additional data points.
The data breach statistics were compiled by Surfshark’s independent partners, who collected data from 29,000 publicly available databases. Each breached or leaked email address, considered a separate user account, was analysed along with associated information such as passwords, phone numbers, IP addresses and more. The data was anonymised and statistically analysed by Surfshark’s researchers.
