The latest data breach yearly recap by Surfshark shows that 300 million accounts were breached in 2023, with the United States ranking first with 97 million breaches. Russia takes second place with 79 million. France (10M), Spain (8M) and India (5M) are far behind in the top five. The breach rate in the US more than tripled compared to 2022, while the global trends show a general decrease.
“As we look back on 2023, there’s a positive trend in data breaches – a 20% decrease in affected accounts compared to 2022. Despite this improvement, 300 million users worldwide still experienced breaches,” says Agneska Sablovskaja, lead researcher at Surfshark. “Even a single account data leak can lead to unauthorized access, risking the misuse of personal information, potential identity or financial theft. Using the same passwords across multiple accounts can compromise others, so it’s crucial to use unique and strong passwords for different online services.”
Surfshark learned the U.S. jumped to 1st place with almost 100 million breached online accounts in 2023, being previously ranked third with 31 million in 2022, after Russia and China. In 2022, Russia had the highest number of breaches. However, in 2023, the number of breaches decreased by 27%. Despite the decrease, Russia still holds over one-fourth of all breached accounts in 2023.
Q2 2023 had the most data breaches over the last year – 134 million, which is 80% more than the yearly average of 75 million. Q3 2023 had the fewest data breaches over the last year with only 31 million. In Q4 23, Panama and Israel had the biggest increase in data breaches.
Surfshark said LinkedIn had the biggest instance of people’s personal details being made available for nefarious actors. In 2023, LinkedIn had almost 11.5 million emails leaked due to the scraping of publicly available information. Out of the leaked accounts, 1.6 million were American, 1.1 million were French, and 700,000 were British. Four Russian platforms, Chitai-gorod, Book24, Gloria Jeans, and SberSpasibo, experienced the second through fifth biggest data breaches. These breaches exposed around 20 million Russian email accounts.
In January, Surfshark said Duolingo had a data breach, resulting in the leak of 2..7 million email addresses. Nearly one million of these emails belonged to Americans, 170,000 to South Sudanese, and 120,000 to Spaniards. Another major data leak was on chess.com, where the scraped data of almost 1.3 million people ended up on hacker forums. Of these, 470,000 were American, 76,000 were French, 75,000 were British, and 66,000 were Indian.
Europe was the most affected region by breaches in 2023, followed by North America and Asia. In 2023, Europe’s data breaches decreased from 160 million in 2022 to 116.6 million in 2023. To put this into perspective, Surfshark explained one in three accounts breached in 2023 originated from Europe, with 67% of these being Russian. North America accounts for 34% of the breaches, with 101.7 million. North America’s breaches grew 193% in 2023 compared to the previous year.
An additional 9% of the accounts originated from Asia (26.3M). All other regions comprised less than 5% of the years’s total, and almost 14% remain unknown. Out of all regions, Africa saw the greatest year-over-year decrease — 88%, bringing its total of 25 million leaked accounts in 2022 down to 3 million in 2023.
In descending order, the ten most breached countries of 2023 were the United States, Russia, France, Spain, India, Taiwan, Australia, Italy, the United Kingdom, and Brazil.
The countries with the highest breach density in 2023 (number of leaked accounts per 1,000 residents): Russia (542), the United States (285), Czechia (207), Taiwan (169), Spain (164), France (162), Australia (134), Panama (98), Sweden (96) and Finland (89).
Surfshark said that when an email account is breached, the user is at risk of social engineering and identity theft. Scammers might send fake emails pretending to be from legitimate organizations, and those emails might contain links with computer viruses or requests to disclose even more personal information. If the email address was leaked with more personal information like name and address, scammers might even be able to impersonate the victim for various malicious purposes.