Global Data Breaches and Cyber Attacks in April 2024 – 5,336,840,757 Records Breached

IT Governance’s research found the following for April 2024:

  • 652 publicly disclosed security incidents.
  • 5,336,840,757 records known to be breached.

The number of records breached this month was high – particularly compared to March – largely due to two outlier events:

  1. A data scraping website offering 4,186,879,104 Discord messages for sale.
  2. Critical vulnerabilities in 9 pinyin keyboard apps, affecting up to 1 billion users.

We discuss both events in more detail below.

Announcement: slight methodology change

For data breaches and cyber attacks claimed by threat actors on dark web forums, where they provide samples or other evidence of the breach, we now accept these incidents as having genuinely occurred, but don’t accept the number of records the threat actor claims to have stolen at face value.

This is because these numbers – particularly in terms of unique records – are often exaggerated. As such, we now log these as known to have had data breached, but with either an unknown number of records or logging only the number of samples provided (if specified), then update this when a reliable source has verified the numbers.

Example 1: Le Slip Français – initially logged as unknown, although we knew that the threat actor claimed to have more than 1.5 million email addresses, and full details of more than 690,000 customers. We subsequently updated this to 1,495,127 records, as confirmed by Have I Been Pwned.

Example 2: Argentinian database of driving licences – sample of 70,000 licences, so we logged this as 70,000 records, but the full database allegedly contains 5.7 million licences/records.

Free PDF download: Data Breach Dashboard

For a quick, one-page overview of this month’s findings, please use our Data Breach Dashboard:

Note: Under ‘Key incident metrics’, for last month’s figures, we’ve used the numbers that exclude March’s outlier events (916 misconfigured Google Firebase instances, and thousands of compromised Ray servers) to offer a more direct comparison with this month’s figures.

You can also download this and previous months’ Dashboards as free PDFs here.

This blog provides further analysis of the data we’ve collected. We also provide an annual overview and analyse the longer-term trends on our 2024 overview of publicly disclosed data breaches and cyber attacks.

You can learn more about our research methodology here.

Top 10 biggest breaches

Note: Where ‘around’, ‘about’, etc. is reported, we record the rounded number. Where ‘more than’, ‘at least’, etc. is reported, we record the rounded number plus one. Where ‘up to’, etc. is reported, we record the rounded number minus one.
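The two logging rules above (the "around / more than / up to" rounding convention, and the methodology change for threat-actor claims: log the sample size or unknown until a reliable source verifies the figure) are easy to apply inconsistently by hand. The following is an added example, not IT Governance's own tooling, showing one way to encode both rules in Python. The qualifier phrases "approximately" and "over" are assumed synonyms beyond those the post lists, and the incident values are constructed from the two examples given above.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Qualifier phrases and the adjustment applied to the rounded figure, following
# the post's convention: "around"/"about" -> as reported, "more than"/"at least"
# -> +1, "up to" -> -1.  "approximately" and "over" are assumed synonyms (not
# listed in the post).
QUALIFIERS = [
    (("more than", "at least", "over"), +1),
    (("up to",), -1),
    (("around", "about", "approximately"), 0),
]

# A number such as "4,186,879,104", "1.5 million" or "35m"; \b stops the unit
# group from swallowing the first letter of a following word ("5,000 messages").
NUMBER_RE = re.compile(
    r"(\d[\d,]*(?:\.\d+)?)\s*(billion|million|thousand|bn|k|m)?\b", re.I
)
SCALE = {
    "thousand": 1_000, "k": 1_000,
    "million": 1_000_000, "m": 1_000_000,
    "billion": 1_000_000_000, "bn": 1_000_000_000,
}


def parse_reported_figure(text: str) -> int:
    """Convert a reported phrase ('more than 35 million') into the number logged."""
    t = text.strip().lower()
    adjust = 0
    for phrases, delta in QUALIFIERS:
        if any(t.startswith(p) for p in phrases):
            adjust = delta
            break
    m = NUMBER_RE.search(t)
    if not m:
        raise ValueError(f"no number found in {text!r}")
    value = float(m.group(1).replace(",", ""))
    value *= SCALE.get((m.group(2) or "").lower(), 1)
    return int(round(value)) + adjust


@dataclass
class Incident:
    """One logged breach. None for a record count means 'known breached, count unknown'."""
    name: str
    claimed_records: Optional[int]          # what the threat actor claims to hold
    sample_records: Optional[int] = None    # size of the sample published as evidence
    verified_records: Optional[int] = None  # figure confirmed by a reliable source


def records_to_log(inc: Incident) -> Optional[int]:
    """Apply the post's policy: verified figure if available, else the sample
    size, else unknown.  The threat actor's own claim is never used directly."""
    if inc.verified_records is not None:
        return inc.verified_records
    if inc.sample_records is not None:
        return inc.sample_records
    return None


def known_records_total(incidents: list) -> int:
    """Sum the records 'known to be breached', treating unknown counts as zero."""
    return sum(records_to_log(i) or 0 for i in incidents)


# Constructed from the two examples in the post.
LE_SLIP = Incident(
    "Le Slip Français",
    claimed_records=parse_reported_figure("more than 1.5 million email addresses"),
)
ARGENTINA = Incident(
    "Argentinian driving licences",
    claimed_records=parse_reported_figure("5.7 million licences"),
    sample_records=70_000,
)

if __name__ == "__main__":
    print(records_to_log(LE_SLIP))          # None: logged as unknown initially
    LE_SLIP.verified_records = 1_495_127    # later confirmed by Have I Been Pwned
    print(records_to_log(LE_SLIP))          # 1495127
    print(records_to_log(ARGENTINA))        # 70000, not the claimed 5.7 million
    print(parse_reported_figure("up to 1 billion users"))  # 999999999
```

Keeping the claimed figure in a separate field rather than discarding it makes later reconciliation possible: when a verified number arrives, the gap between claim and reality is itself a useful data point for judging that threat actor's future claims.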

Let’s take a closer look at the top 3, as well as a noteworthy supply chain (or third-party) attack:

1. More than 4 billion Discord messages offered for sale on data scraping website

The website harvested 4,186,879,104 messages from 256,213,837 Discord users and offered them for sale.

Data scraping or web scraping is a typically automated process that extracts information from websites, allowing criminals to compile data sets containing personal information.

“Scraping our services and self-botting are violations of our Terms of Service and Community Guidelines”, a Discord spokesperson told The Register.

“In addition to banning the affiliated accounts, we are considering appropriate legal action. We identified certain accounts that we believe are affiliated with the website, which we have subsequently banned.”

The website has now been taken offline.

Data breached: 4,186,879,104 messages.

2. Keyboard app vulnerabilities reveal keystrokes from up to 1 billion users

Security researchers have identified critical security vulnerabilities in cloud-based pinyin keyboard apps from nine companies:

  • Baidu, Inc.
  • Honor
  • Huawei
  • iFlytek
  • OPPO
  • Samsung Electronics
  • Tencent
  • Vivo
  • Xiaomi Technology

The vulnerabilities could be exploited by network eavesdroppers to reveal users’ keystrokes; the researchers estimate that “up to one billion users are affected”.

Data breached: <1,000,000,000 people’s data.

3. Phone tracking app reveals more than 35 million users’ precise locations and data

A computer science and economics student at the University of British Columbia in Vancouver, Eric Daigle, has discovered vulnerabilities in the phone tracking app iSharing (by iSharingSoft).

These let users access any other user’s location, as well as their name, profile photo, and the email address and phone number they used to log in – even if they weren’t actively sharing their location data. The iSharing app is used by more than 35 million users.

iSharingSoft has fixed the issue, blaming it on a vulnerability in the app’s groups feature. 

Data breached: >35 million people’s data.

Noteworthy supply chain attack: Mobile Guardian, breaching data from 127 Singaporean schools

Mobile Guardian, a UK-based mobile app that helps parents manage their children’s device usage, was hacked on 19 April, according to the Singaporean Ministry of Education.

This led to the compromise of parents’ and teachers’ names and email addresses from 5 primary and 122 secondary schools in Singapore.

Mobile Guardian’s investigations detected unauthorised access to its systems via an administrative account on its management portal. Account records from the US were also accessed.

This incident once again highlights – as senior penetration tester Leon Teale points out – how criminals like to target third-party organisations. If you can compromise just one significant supplier, you can access the data of potentially hundreds (if not more) of organisations.

Data breached: unknown.

Sector overview

For our monthly analyses, we look at the top 5 most breached sectors by number of incidents and by known number of records breached.

We’ll provide a full sector breakdown in our annual report.

Top 5 most breached sectors (by number of incidents)

Note: To make this table as informative as possible, the percentages exclude the ‘multiple’, ‘other’ and ‘unknown’ sectors.

Top 5 most breached sectors (by number of records)

Suffered an incident?

Get FREE expert insight from Cliff Martin, our head of incident response, into:

  • Defence in depth, with prevention, detection and response;
  • The different stages of incident response;
  • Internal expertise vs outsourcing;
  • Cyber incident response plans;
  • Incident responder skills;
  • Staff training; and
  • Much more.

Security Spotlight

To get news of the latest data breaches and cyber attacks straight to your inbox, subscribe to our free weekly newsletter: the Security Spotlight.

Every Wednesday, you’ll get a 4-minute email with:

  • Industry news, including a round-up of the week’s publicly disclosed data breaches and cyber attacks;
  • Our latest research and statistics;
  • Interviews with our experts, sharing their insights and expertise;
  • Free useful resources; and
  • Upcoming webinars.