During the pandemic, cyberattacks grew more than ever. Theft, hijacks, and data leaks are increasingly popular practices in cybercrime. The lock and hijack for ransom (ransomware) category has stood out a lot, as data is a highly valuable resource and most companies do not refuse to pay the million-dollar amounts charged to rescue their data.
Moving to remote work models has caused more people to occupy virtual environments, which increases the chances of digital attacks. In addition, home office work, where business systems are accessed from home and through personal devices, has increased the attack surface in information security.
In other words, the global destabilization generated by the pandemic has been a fertile field of vulnerabilities to be exploited by cybercrime.
This wave of attacks has been spreading around the world, reaching government agencies and companies from different sectors. One of the biggest risks for companies is having their data leaked, which can be one of the consequences of non-payment of ransomware, for example.
Another potential leak occurs when attackers make the data available for sale on specific deep web forums.
The year is not over yet and we already have a generous list of this kind of cyberattacks. Check out the biggest data leaks that occurred in 2021 in Brazil and worldwide.
Brazil: 223 million Brazilians’ Data Leaked
The most recent case of data leak in Brazil has 223 million personal information about Brazilians, including names, dates of birth, gender, individual taxpayer numbers, corporate taxpayer numbers, vehicle information, addresses, face pictures, education, registration in retirement benefits, data from public officers, debt score, among others.
That is pretty much all the data a person can have. If the Brazilian population is 212 million, data from almost all Brazilians would be included in this list, but the leak also contains information on deceased people and data from previous leaks.
The data package was posted on a forum to be marketed. The suspects responsible for putting the information up for sale have already been caught by the police. One of them is called Marcos Correia da Silva, known as Vandathegod. The second involved, Yuri Batista Novaes, known as JustBR, was arrested in the act in Petrolina and seized with 4 terabytes of data in his home.
Brazil has been one of the main targets of cybercriminals. In 2019, the country reached second place in the world in ransomware attacks. In 2020, in the second quarter alone, there was an increase of 350%, reaching both companies and governments, according to data from Kaspersky.
The numbers do not stop growing, even in the first half of 2021 the world already has numerous cases of cyberattacks, and at least eight of these incidents occurred in Brazil, which corresponds to about one attack per week.
RockYou2021: Historical Leak of 8.4 billion Passwords
Considered the biggest leak in history, the attack makes reference to RockYou, a large leak that released 32 million passwords from users of the social network RockYou. This time, the leak involved 8.4 billion access passwords disclosed in a hacker forum.
It is still not possible to say how these data were compiled and their source. But some experts believe the data has been accumulated over the years and merged with previous leaks.
This type of leak raises an alert, as these cybercriminals may use password matching techniques on multiple online accounts or build an access dictionary to facilitate attacks. The users’ neglect only makes the situation worse, as the common habit of reusing passwords, for convenience, can further increase the damage.
Facebook: 533 million Facebook Users’ Data Leaked
553 million people from 106 countries had their personal data published free of charge on a hacker forum. Information includes name, address, telephone number, date of birth, and email accounts. Tests performed by experts confirmed the legitimacy of the data and that it can still be used for future attacks.
When taking a stand on the case, Facebook stated it is a leak with data already violated in 2019. At that time, the attacker found a vulnerability in the platform that allowed the import of user data, linking phone numbers to specific users. “We found and fixed this issue in August 2019,” said a Facebook spokesperson.
Facebook has already been the target of speculation about data leaks and misuse since the case involving Cambridge Analytics, when it used data from 80 million users to interfere in the course of the 2016 elections in the United States.