1 out of 5 Indians have been targets of a data breach: Report

One out of five Indians has suffered a data breach since 2004 till the December quarter of 2022, according to data shared by Surfshark, a VPN provider. India was the second most impacted country in Asia and sixth in the world with 265.4 million compromised internet users. More than one billion data points belonging to Indian users have been leaked since 2004 with around four data points leaked with every compromised account. Password was the most leaked data point for Indian users due to the poor password hygiene of Indian users. 

According to a November report by password manager firm NordPass, “password” was the most used password in India in 2022. It was used 3.4 million times in India and 4.9 million times globally. The second most used password in India “123456” was used 166,757 times, while Bigbasket, which was the fourth most used password, was used 75,081 times. 

Stealing user data is one of the top reasons behind cyberattacks. Even ransomware operators have started to steal data before encrypting systems and servers and blocking access to them. India had 692 million active internet users in 2021, according to a July report by IAMAI and Kantar. Rural India, which has much lower education levels, accounts for 351 million Internet users ahead of urban India which has 341 million Internet users. Total number of Internet users is expected to grow to 900 million by 2025, as per the report. 

Though India is one of the most targeted countries, Surfshark data shows that the US has the highest number of breached accounts in the world. For instance, the US accounted for 15.9% of all breached email addresses globally. Russia, which is the second most impacted country, email addresses accounted for 14.5% of all global breaches.

According to new CERT-In rules, announced in April, all Internet service providers, intermediaries, data center providers, corporates, and government organizations are required to report severe cyber incidents within 6 hours of detection.