Account leaks of Indian users fall 17 times in 2022: Report

India saw a significant year-over-year decrease in leaked accounts. The country had 4.7 million leaked accounts in 2022. The situation actually improved by 94% compared to 2021 as the country saw a decrease of almost 17 times, moving from 78.6 million in 2021, according to a report published last week by Netherland-based VPN service company Surfshark’s Global data breach statistics tool.  

In information security, data leaks can reveal everything from social security numbers to banking information going into the hands of cybercriminals. And once they have these details, they can engage in all types of fraud under your name. Theft of your identity can ruin your credit, pin you with legal issues, and it is difficult to fight back against. 

The positive trend was visible across the world too. Globally, a total of 310.9 million accounts were leaked in 2022 — a third of the 959.3 million occurrences seen in 2021. Year-over-year breach rates were 67.6% lower in 2022 than in 2021. Moreover, whereas 30 accounts were leaked every second in 2021, only 10 were leaked per second in 2022.  

The five countries with the most significant data leaks in 2022 were Russia, China, the US, France and Indonesia. Brazil and India occupy the sixth and seventh spot respectively. Regarding the distribution per population, 40 accounts were leaked per 1,000 people globally in 2022, as opposed to 123 per 1,000 people in 2021. In it, Russia had the highest breach density, where 718 accounts were leaked per 1,000 people.

Asia was responsible for a fourth of all world’s breaches with 74.2 million, mostly coming from China, Indonesia and India. For example, the Swachh city data breach in January 2022 affected the largest number of Indian email accounts, amounting to 2% of all breaches of the year, the report showed. The highest growth in y-o-y user victims was spotted in Indonesia (269%), Sri Lanka (204%), Russia (191%), Uzbekistan (73%) and China (45%). 

Another report published by Surfshark on December 14, 2022, noted that one out of five Indians has suffered a data breach since 2004 till the December quarter of 2022, which amounts to more than one billion data belonging to Indian users have been leaked since 2004 with around four data points leaked with every compromised account. Password was the most leaked data point for Indian users due to the poor password hygiene of Indian users, it said.  

According to a November 2022 report by password manager firm NordPass, “password” was the most used password in India in 2022. It was used 3.4 million times in India and 4.9 million times globally. The second most used password in India “123456” was used 166,757 times, while Bigbasket, which was the fourth most used password, was used 75,081 times.

India is further working on reducing instances of data leaks with the Unique Identification Authority of India (UIDAI), under the Ministry of Electronics and Information Technology, stating on December 20, 2022 that it will work on several areas to enhance data security and privacy.  

Moreover, according to new CERT-In rules, announced in April 2022, all Internet service providers, intermediaries, data centre providers, corporates, and government organisations are required to report severe cyber incidents within six hours of detection.