Cyberattacks on Americans’ email and other personal accounts are getting markedly worse, and without dramatic upgrades to online security and the disruption of cybercrime networks—many of them state-sponsored—the costliest and deadliest cyberattacks are yet to come, according to a new report on cyber incidents worldwide in 2023.
Of all of the countries in the world, the United States is home to the highest number of hacked email and other personal accounts. Altogether, 97 million U.S.-based accounts—almost one-third of the global total of 300 million—suffered breaches of one kind or another in 2023, compared to 30.9 million U.S. accounts breached in 2022.
In second place was Russia with 79 million hacks, followed by France with 11 million, and Spain and India with 8 million and 5 million breaches, respectively.
Surfshark’s Findings
These and other data illustrating the scale and severity of the hacking crisis and the inadequacy of cyber defenses worldwide are the subject of the new report from Surfshark, a Netherlands-based cybersecurity firm.The report’s troubling findings highlight the growing aggressiveness of hackers and the continuing exposure of systems and networks on which citizens from all walks of life, in private and government roles, depend from day to day.
Surfshark’s report leaves no doubt that the problem has gotten significantly worse for Americans in recent months and that the United States is something of an outlier in this regard. According to the report, the breach rate in the United States more than doubled in 2023, even as the rate declined by 20 percent globally. Hackers are growing more focused and more bent on disrupting U.S. accounts and stealing sensitive data from Americans.
China, where many of the attacks originated, saw its own position improve somewhat, the report shows. The nation fell from second place on the list of most-breached countries in 2022 to 12th place in 2023.
Attacks by Region
Looking at breached accounts by global region, Europe is home to the highest number overall—116.6 million breaches in 2023, down from 160 million in the prior year. Adding results from Canada to those from the United States, the report finds that North America follows directly behind Europe, with a total of 101.7 million in 2023, compared with 34.7 million in 2022. Asia experienced 26.3 million breaches in 2023, way down from 83.6 million in the prior year.South America suffered 6.9 million breaches in 2023, down from 17.5 million in the prior year; Oceania came in fifth with 4.4 million breaches, down from 5 million in 2022; and Africa ended up in last place, with 3 million breaches in 2023, significantly down from the 25 million it suffered in the prior year.
What may seem like innocuous job-search and social media platforms often turn out to offer abundant opportunities for hackers and other malicious actors, putting the personal data of scores of millions of unsuspecting users at their fingertips. For sophisticated cyber actors, the security of the sites is minimal to nonexistent, and the costs of using them were evident in numerous disastrous incidents in 2023.
The report illustrates how the wide reliance on certain social media platforms, such as LinkedIn, can help to explain what may seem to be an unusually high vulnerability of U.S.-based accounts to cyber breaches and the high numbers recorded for other countries.
Surfshark describes how the “scraping” of publicly available LinkedIn profile information led to the leaking of nearly 11.5 million emails in 2023. While some may quibble with the inclusion of this incident on semantic grounds, Surfshark ranks it as the biggest data breach in all of 2023.
“Although it was not a data breach per se, the platform facilitated the aggregation of personally identifiable information that could be used for phishing attacks, spam, or brute-force password hacking attempts,” the report reads.
A disproportionate number of the leaks in that incident—1.6 million—were American, according to the report, while 1.1 million were French and 700,000 were UK-based.
A breach of the site Chess.com again inflicted heavily disproportionate harm on U.S. users. Of the 1.3 million people whose scraped personal data went to hackers, 470,000 were American, 76,000 were French, 75,000 were British, and 66,000 were Indian.
Other major attacks in 2023 affected such Russian platforms as Book24, Gloria Jeans, Chitai-gorod, and SberSpasibo.
The methodology of Surfshark’s report involved aggregating data from 29,000 publicly available databases. Countries with a population of less than 1 million people were not included in the research.