According to a report by global cybersecurity firm Surfshark, a total of 17.1 million online accounts were breached in India in Q1 2024, translating to 132 breaches per minute, up from six in Q4 2023. In the US, 90 million accounts were breached and in the UK, 5.7 million accounts were breached during the same period.
According to Surfshark's analysis, India is the eighth most breached country in the world since 2004, with a staggering 320.5 million compromised accounts. The top seven countries are the United States (3 billion), Russia (2.4 billion), China (1.1 billion), France (521.6 million), Germany (486.7 million), Brazil (354.2 million), and the United Kingdom (321.9 million).
The analysis highlights that of the 320.5 million compromised accounts, 88 million were unique email addresses. On average, 3.8 personal records were exposed per email address, totaling 1.2 billion personal records exposed over the past 20 years. Additionally, 162 million passwords were leaked along with these accounts, putting 50% of compromised users at risk for account takeover. This increases the likelihood of identity theft, extortion, and other cybercrimes.
In the most recent quarter, India experienced 13.3 times as many breaches as Bangladesh (1.3 million) and 4.1 times as many as China (70.6 million).Among the data breaches publicly disclosed in India from January to March 2024 was that of Cutout Pro, an AI-powered platform specialized in image and video editing, which exposed 8.1 million emails.
According to separate reports, Indian consumer wearables brand Boat suffered a major data breach that exposed the personal data of over 7.5 million users, exposing information such as names, addresses, phone numbers, email addresses, and customer IDs.
Additionally, cybersecurity firm CloudSEK confirmed a massive data breach from India's mobile network database. A threat actor identified as “CyboDevil” reportedly sold a 1.8 terabyte database containing the personal information of 750 million people on the dark web. The hacked data included names, phone numbers, addresses, and Aadhaar information, affecting around 85% of the population.
Surfshark spokesperson Lina Cervila highlighted the ongoing threat of data breaches around the world: “Surfshark's intensive monitoring of data breach trends over the past two decades has revealed an alarming digital reality: data breaches are an ongoing global threat. Since 2004, a staggering 17 billion user accounts have been breached around the world, with 400 million occurrences recorded earlier this year,” Cervila said.
Of the 17 billion user accounts leaked worldwide, 38 percent were unique email addresses. In total, 60.9 billion data points were leaked (17.2 billion of which were email addresses). On average, each email address had three additional data points leaked.
The data breach statistics were compiled by an independent partner of Surfshark, who collected data from 29,000 publicly available databases. Each compromised or leaked email address was considered an individual user account and analyzed along with associated information such as passwords, phone numbers, IP addresses, etc. The data was anonymized and statistically analyzed by Surfshark researchers.