India had nearly 3.7 lakh online accounts breaches, or about three each minute, in the third quarter of 2023, a study by the Netherlands-based cybersecurity company Surfshark showed.

An account is said to be breached when sensitive information about it is exposed to unauthorised third parties. Each e-mail address that was used to register for online services and then leaked has been considered a breach by Surfshark in its study.

India saw 3,69,093 breaches in the third quarter (July to September) of this year, the cybersecurity firm said. The country had the tenth most breached accounts in the world during this period.

This figure, however, was 74% lower than 14,03,459 breaches recorded in the second quarter (April to June) of 2023. During that period, India had the seventh most breached accounts in the world.

In the third quarter of 2023, the countries with the most breached accounts were the United States (81,02,445), Russia (71,02,845) and France (16,20,815). The other countries that had more breached accounts than India were China, Mexico, Columbia, Brazil, Malaysia and the United Kingdom.

India, however, ranked 108th in the world in terms of breach density, or the number of leaked accounts per 1,000 residents. The top three countries in terms of breach density were Russia, France, and the United States.

Globally, the number of breached users saw a 76% decrease in the third quarter as compared to the second. Europe had the highest number of account breaches, followed by North America and Asia.

Agneska Sablovskaja, lead researcher at Surfshark, said that every minute, over 240 online accounts were compromised globally, exposing sensitive information to malicious actors. “We recommend a vigilant approach by maintaining accounts only on actively used platforms and implementing two-factor authentication for enhanced security,” she said.

Surfshark said that the data for the study was collected by its independent partners from 29,000 publicly available databases and aggregated by email addresses. The study then looked at parameters such as domain names, Internet Protocol addresses, coordinates, currency and phone numbers to determine the location of the e-mail address. The data was then anonymised and sent to Surfshark’s researchers.