In December 2023, IT Governance , a global provider of cyber risk and privacy management solutions, discovered more than 2.2 billion records known to have been hacked in 1,351 publicly acknowledged security incidents. With 2,814 officially announced security incidents, the total number of breached records in 2023 will be over 8.2 billion.
The amount of data compromised in December increased by a stunning 6,998% when compared to December 2022, and by 332% when compared to November 2023.
Real Estate Wealth Network
Real Estate Wealth Network, based in New York, was told about an unprotected database containing over 1.5 billion records.
Jeremiah Fowler, a security researcher, uncovered the database, which revealed that the files belonged to Real Estate Wealth Network. The exposed data includes information on property owners, sellers, and investors, as well as internal user logging data and other information.
Numerous celebrities were supposedly among the property owners, with street addresses, purchase prices and dates, mortgage companies, mortgage loan amounts, tax ID numbers, taxes owed, paid, or due, and other information available. Since then, Real Estate Wealth Network has safeguarded the database.
TuneFab
More than 151 million data records were exposed by TuneFab, a website that converts music from prominent streaming services such as Spotify, Apple Music, YouTube, and Audible into other formats.
The data contained sensitive information such as users' IP addresses, user areas, user IDs, emails, and device specifics.
In September, security researcher Bob Diachenko discovered the breach and contacted TuneFab, which corrected the misconfiguration within 24 hours.
Dori Media Group
The MalekTeam consortium hackers have threatened Dori Media Group, an international consortium of media firms based in Israel, Switzerland, Argentina, Spain, and Singapore. MalekTeam claims to have destroyed over 100 TB of Dori Media Group data. The hackers are now threatening to release the stolen data.
Alan Calder , the founder and executive chairman of IT Governance, commented:
“It’s alarming to see such a substantial increase in the number of compromised records, reflecting a persistent and escalating threat to data security. The surge, particularly compared to the same period last year, highlights the evolving tactics of cyber criminals.
“The breaches affecting Real Estate Wealth Network, TuneFab and Dori Media Group show the diverse targets and methods employed by malicious actors using destructive tactics and extortion.
“In the case of Real Estate Wealth Network, the exposure of sensitive details, including those of celebrities, poses not only a privacy risk but also raises concerns about the broader implications of such leaks. It emphasises the need for organisations, regardless of industry, to prioritise robust security measures, including thorough database protection and monitoring.”
“The role of the security researchers who alerted these organisations of the recent cyber security incidents cannot be overstated."
“The key takeaway is the critical importance of a multi-layered, defence-in-depth security approach to prevent and mitigate evolving threats. This includes not only technical safeguards but also ongoing user education and a culture of cyber security awareness within organisations, particularly from leaders and top management, in order to stay one step ahead of these relentless cyber threats.”