Top Data Breaches of 2021 | Most Critical Vulnerability of The Last Decade | Top 200 Most Common Passwords of 2021 Revealed

December 13th

Article by Christopher Lauder, Delegate Relationship Executive, Rela8 Group

Top Data Breaches of 2021

To begin our final news update of the year, let’s have a little recap. According to Identity Theft Resource Center research, the total number of data breaches up to Sept 30th, 2021, has already surpassed the total number of breaches in 2020 by 17%. This has set up 2021 to be a record-breaking year when it comes to data breaches.

To reminisce over this record-breaking year, Security Magazine takes a trip down memory lane and looks back over the top ten data breaches of 2021 ranked by number of victims.

10. Android Users Data Leak – 100+ million

9. Thailand Visitors – 106+ million

8. Raychat – 150 million

7. Stripchat – 200 million

6. Socialarks – 214+ million

5. Brazilian Database – 223 million

4. Bykea – 400 million

3. Facebook – 553 million

2. LinkedIn – 700 million

1. Cognyte – 5 billion

For full context on each breach, including who was affected and what was stolen, please check out the source below.

Source - Top Data Breaches - SecurityMagazine

Most Critical Vulnerability of The Last Decade

“The internet’s on fire right now,” says Adam Meyers, Senior Vice President of Intelligence at CrowdStrike. Why is it on fire? Log4Shell.

Log4Shell may be the worst computer vulnerability discovered in years. It has been uncovered in an open-source logging tool that is found everywhere in cloud servers and enterprise software that is used across industries and governments. If it is not fixed, it grants attackers, criminals, spies, and programming novices alike, easy access to internal networks where they can steal valuable data, plant malware, erase critical information and more.

People are scrambling to patch this vulnerability. In the 12 hours since the bug’s existence was disclosed, Adam at CrowdStrike said it had already been “fully weaponized”. Similarly, Joe Sullivan, Chief Security Officer at Cloudflare, said, “I’d be hard-pressed to think of a company that’s not at risk”. Untold millions of servers have it installed, and experts have said that the fallout of this will not be known for several days. Amit Yoran, CEO of Tenable, has described this as “the single biggest, most critical vulnerability of the last decade”.

Why is it so dangerous? Anyone with the Log4Shell exploit can obtain full access to an unpatched computer that uses the software. The extreme ease with which attackers can access a web server, with no password required, is what makes this so dangerous.

Keep an eye out over the coming days and weeks to see the impact this has, and for security patches to protect against this exploit.

Source - Log4Shell - The Guardian

Source - Log4Shell - Washington Post


Top 200 Most Common Passwords of 2021 Revealed

Finally, the team at NordPass have evaluated a 4TB password database that was compiled by independent cyber security researchers who were investigating various incidents throughout 2021 across 50 countries. From this analysis, they have released a list of the 200 most common passwords used in 2021. Unsurprisingly, ‘123456’ was the winner, being used by more than 100 million individuals. ‘qwerty’ came fourth, and ‘password’ fifth.

The passwords were also ranked by how quickly they could be cracked by computers. The most secure passwords in this list, which sat at places 54 and 124, were ‘myspace1’ and the name ‘michelle’ – with each taking three hours to crack.

Much of the list would take less than one second to crack, yet honourable mentions go to the only other two passwords to break the one-hour mark: ‘zag12wsx’ and ‘jennifer’.

It would appear as if Liverpool FC is the most popular team in the world, or the one whose fans are the most laid back about password security. It appeared 121st in the global list, and 3rd overall in the UK. NordPass also noted that men were more likely to use swear words as their passwords than women.

With all this, it seems as if years of campaigning for stronger password policies from the cyber security industry have fallen on deaf ears, as only two of the global top ten contained characters other than sequential numbers. Complex passwords should always be favoured, and typically these contain at least 12 characters with a mix of uppercase and lowercase letters, numbers, and symbols.

Source - Most Common Passwords - IT Pro
