• The number of breached accounts in 2023 declined by 18 percent.
• Despite this, data from nearly 300 million accounts was compromised throughout the year.
• The US was the country with the highest number of breaches followed by Russia and then France.

First the good news, according to research from internet security company Surfshark, the number of data breaches globally declined by 18 percent in 2023. This trend was also seen in Africa where the number of accounts affected by data breaches fell from 25 million in 2022 to 3 million in 2023.

On to the bad news then. Despite this decline, as many as 299.8 million user accounts were compromised in 2023. We should note that Surfshark arrived at these figures by analysing data from 29 000 publically available databases. The company says that it treats every email address registered for a service or platform as a separate user account and counts it as a breach. This means that if an email is registered with several websites and those websites are breached, it will count as a separate breach.

The data released by Surfshark highlights that as many as 96.7 million accounts from the US added to the 299.8 million total. This is triple the number Surfshark noted in 2022.

The country with the next highest number of breaches was Russia with 78.4 million followed by France with 10.5 million.

Surshark’s data highlights that while some regions have seen a decline in the number of breaches, others have had dramatic increases in the back of several breaches.

“In 2023, LinkedIn had the biggest instance of people’s personal details being made available for nefarious actors, with almost 11.5M emails leaked due to the scraping of publicly available information. Although it was not a data breach per se, the platform facilitated the aggregation of personally identifiable information that could be used for phishing attacks, spam, or brute-force password hacking attempts. Surfshark’s researchers discovered that out of the leaked accounts, 1.6M were American, 1.1M were French, and 700K were British,” the security firm wrote.

Following LinkedIn in Surfshark’s rankings four Russian websites occupy the top five and account for 20.1 million compromises collectively.

While these breaches may seem far from home as INTERPOL outlined in its African Cyberthreat Assessment Report for 2021[PDF], “These threats are affecting other regions equally, confirming the borderless nature of cybercrime. The unique challenge for Africa appears to be the critical absence of cybersecurity protocol, cyber resilience as well as mitigation and prevention measures for individuals and businesses. As a region that is embracing digital transformation, Africa needs to invest extensively in improving the safety and security of cyberspace.”

As internet access improves across the African continent, there is potential for cybercriminals to shift focus to Africa or indeed for more cybercriminals to emerge from the continent. While figures regarding cybercriminals from Africa indicate that they are few and far between, we still see arrests being made.

For those who suspect their accounts have been compromised you can check using Troy Hunt’s Have I Been Pwned? Simply key in your email address and the website will scan the leaked databases it is aware of to let you know if your details have been compromised.

If your account details have been compromised, Surfshark advises users take the following actions.

• Change the passwords to your accounts immediately,
• Enable two-factor authentication where possible,
• Contact your bank if your credit card information was leaked,
• Scan your devices for malware,
• and finally, keep an eye out for scams if your email, phone number, or other contact information leaked.

[Image – Markus Spiske on Unsplash]