The latest data breach yearly recap by Surfshark ranks India as the 5th most breached country in 2023, with 5.3 million leaked accounts. Globally, a total of 299.8 million accounts were breached, with the US ranking first and amounting to 32% of all breaches from January through December. Russia takes second place, while France is third, followed by Spain and India. The breach rate in India is 56% lower in 2023 than it was in 2022, while the global trend shows an 18% decrease.
Surfshark’s analysis of data breaches in 2023 shows India is in 5th place globally with 5.3M leaked accounts (previously ranked 7th with 12.3M in 2022). The breach rate is 56% lower in 2023 than it was in 2022. Around 10 Indian user accounts were leaked every minute in 2023.
“As we look back on 2023, there’s a positive trend in data breaches – a 20% decrease in affected accounts compared to 2022. Despite this improvement, 300 million users worldwide still experienced breaches,” says Agneska Sablovskaja, Lead Researcher at Surfshark. “Even a single account data leak can lead to unauthorized access, risking the misuse of personal information, potential identity or financial theft. Using the same passwords across multiple accounts can compromise others, so it’s crucial to use unique and strong passwords for different online services.”
The US jumped to 1st place after trifold yearly growth with almost 100 million breached online accounts in 2023, being previously ranked 3rd with 31M in 2022, after Russia and China. In 2022, Russia had the highest number of breaches. However, in 2023, the number of breaches decreased by 27%. Despite the decrease, Russia still holds over a quarter of all breached accounts in 2023.
LinkedIn had the biggest instance of people’s personal details being made available for nefarious actors
In 2023, LinkedIn had almost 11.5M emails leaked due to the scraping of publicly available information. Out of the leaked accounts, 1.6M were American, 1.1M were French, and 700K were British. Four Russian platforms, Chitai-gorod, Book24, Gloria Jeans, and SberSpasibo, experienced the 2nd through 5th biggest data breaches. These breaches exposed around 20M Russian email accounts.
In January, Duolingo had a data breach, resulting in the leak of 2.7M email addresses. Nearly 1M of these emails belonged to Americans, 170K to South Sudanese, and 120K to Spaniards. Another major data leak was on chess.com, where the scraped data of almost 1.3M people ended up on hacker forums. Of these, 470K were American, 76K were French, 75K were British, and 66K were Indian.
Europe was the most affected region by breaches in Q3 2023, followed by North America and Asia
In 2023, Europe’s data breaches decreased from 160M in 2022 to 116.6M in 2023. To put this into perspective, 1 in 3 accounts breached in 2023 originated from Europe, with 67% of these being Russian. North America accounts for 34% of the breaches (101.7M). North America’s breaches grew 193% in 2023 compared to the previous year. An additional 9% of the accounts originated from Asia (26.3M). All other regions comprised less than 5% of the years’s total, and almost 14% remain unknown. Out of all regions, Africa saw the greatest year-over-year decrease — 88%, bringing its total of 25M leaked accounts in 2022 down to 3M in 2023.
In descending order, the ten most breached countries of 2023 were the US (96.7M), Russia (78.4M), France (10.5M), Spain (7.8M), India (5.3M), Taiwan (4M), Australia (3.5M), Italy (3.4M), the UK (3.3M), and Brazil (3.3M).
The countries with the highest breach density in 2023 (number of leaked accounts per 1,000 residents): Russia (542), the US (285), Czechia (207), Taiwan (169), Spain (164), France (162), Australia (134), Panama (98), Sweden (96) and Finland (89).
When an email account is breached, the user is at risk of social engineering and identity theft. Scammers might send fake emails pretending to be from legitimate organizations, and those emails might contain links with computer viruses or requests to disclose even more personal information. If the email address was leaked with more personal information like name and address, scammers might even be able to impersonate the victim for various malicious purposes.
If you suspect your information has been breached, you should:
- Change the passwords to your accounts immediately
- Enable two-factor authentication where possible
- Contact your bank if your credit card information was leaked
- Scan your devices for malware
- Keep an eye out for scams if your email, phone number, or other contact information leaked.
METHODOLOGY
A data breach happens when confidential and sensitive data gets exposed to unauthorized third parties. In this study, we treat every breached or leaked email address used to register for online services as a separate user account, which may have been leaked with additional information, such as password, phone number, IP address, zip code, and more.
The data was collected by our independent partners from 29,000 publicly available databases and aggregated by email address. To determine the location of the email address, our partners’
mechanism looked into several associated parameters, such as domain names, IP addresses, locales, coordinates, currency, or phone numbers. This data was then anonymized and passed on to Surfshark’s researchers to analyze their findings statistically.
The Data Breach World Map is updated monthly with the most recent data from our independent partners. The numbers from January to December 2023 were compared with data aggregated from January to December 2022. Countries with a population of less than 1M people were not included in the analysis. For the full methodology, please refer to: https://surfshark.com/research/data-breach-monitoring/methodology
