Hacker Hotspots: The Apps Most Vulnerable to Cybercrime

Our world has become increasingly dependent on the internet and as a result, sharing large volumes of information about ourselves on social, communication and even entertainment apps has become normalised. However, our willingness to embrace sharing on popular apps like Instagram and WhatsApp exposes us to an increased risk of cybercrime. Statistics show that a new cyberattack occurs every 39 seconds somewhere on the web and Google has reported that 20% of social accounts will be compromised at some point. 

With cybercriminals seeking to take advantage of our online presence to obtain personal data, it’s more important than ever that we remain vigilant. If your data is compromised in a cybersecurity breach, hackers could use this information to commit identity theft and fraud. In light of this, TechShielder set out to discover which popular communication, social, and entertainment apps are most likely to be hacked, and the types of data that would be compromised if they were attacked. Hacking is defined by the Crown Prosecution Service as the unauthorised use or access into computers or networks using security vulnerabilities or bypassing secuirty steps. The study also looked at the Google search volume of various terms related to hacking in OECD capitals to determine the cities where people are most at risk of being victims of cybercrime.

The Ten Popular Apps Most Likely To Be Hacked

most frequently hacked apps

We identified the most popular apps around the world based on the number of app store downloads over the past year across the following categories: social, entertainment, and communication. To determine which of these popular apps are most likely to be targeted by cybercriminals we analysed the average number of Google searches for each app in relation to hacking for example, ‘Instagram hacked’. We then reviewed the privacy policies of each app to reveal what data, and how much, each one stores.

The table below shows the top 10 web platforms and social apps around the world that are most likely to be hacked based on how many users search in Google for searches related to hacking per month: 

RankAppSearch termAvg monthly search volumeData points stored per app
1FacebookFacebook hacked550,00070%
2InstagramInstagram hacked246,00067%
3WhatsappWhatsApp hacked135,00053%
4SnapchatSnapchat hacked49,50059%
5TwitchTwitch hacked27,10033%
6NetflixNetflix Hacked 18,10044%
7YouTubeYouTube Hacked12,10052%
8TelegramTelegram hacked8,10018%
9TwitterTwitter hacked8,10053%
10MessengerMessenger hacked6,60070%

You Are Most Vulnerable To Attack On Meta Owned Apps

app developer data

The top three most hacked apps are Meta-owned platforms; Facebook, Instagram, and WhatsApp. These apps allow communication between parties and enable users to post and interact with personal content. Meta-owned products hold the most information on their users, in fact all of the most popular meta apps researched hold more than half of potential data points on their users. Therefore, it’s unsurprising that Meta’s apps are the most likely to be hacked as compromising these platforms would give cybercriminals access to a vast wealth of valuable information that could be used to impersonate people and commit fraud or blackmail them. 

The app that holds the least amount of information on its users is Telegram, which stores only 18% of potential data points despite offering a similar service to Facebook messenger. Telegram outlines that they collect minimal data because they ‘only store the data that Telegram needs to function as a secure and feature-rich messaging service.’ This suggests that many of the world’s most popular apps could be collecting unnecessary data on their users, but why? 

Many popular apps, including Facebook and YouTube, rely heavily on selling advertising space for income. YouTube alone made $28.8 billion in ad revenue in 2021, whilst 55% of this went to the creators on the platform this still means that the app itself made a huge profit last year. Therefore it’s clear that many apps are using our data for their monetary gain rather than to enhance our experience of using them. 

Facebook is the App That Puts Its Users Most At Risk

mobile facebook

With an average of 550,000 searches being made globally per month for the term ‘Facebook hacked’ our research suggests that this is the social app most likely to be targeted by cybercriminals. In 2021 the popular social networking site received 416 million app store downloads and remains the most used online social media network in the world today with roughly 2.93 billion users per month (Statista).

The immense popularity of Facebook alongside the fact it collects more data than any other app (70% of all possible data points) means using the platform comes with a massive risk of being targeted by cybercriminals and hackers. Further, the platform’s lack of security could also make it a prime target for cybercriminals. Over the years, Facebook has come under fire for its lack of security- in 2021 alone over 533 million profiles were exposed in a low level hacking forum. Facebook responded to the claims stating that it was not the result of a hack but instead profiles were exposed through scraping of information that was publicly available. They have since rolled out multiple policies to further protect their platforms – they are trialing end-to-end encryption as default on their messaging service and over the next decade have promised to implement changes to improve their overall security and privacy. 

If you are concerned about how much personal information is available about you through your Meta accounts, you can adjust your privacy settings or contact them to remove your information. Even small changes, such as restricting location data, will reduce the amount of information the platforms hold on you.  

What Personal Data Is At Risk If Your Favourite Apps Are Compromised?

security image

To gain an insight into the type, and level, of data that is at risk when popular social, communication and entertainment apps are compromised we analysed the privacy policy of each app. 

The table below shows the most commonly collected data points that 90-100% of the researched apps store:

CategoryData collection pointsPercentage of apps that collect data on this metric
PersonalPhone Number100%
PersonalEmail address100%
PersonalDo they share this info with third parties100%
PersonalName90%
PersonalCredit card information90%
Online ActivityCookies90%

Perhaps unsurprisingly, all the most popular apps collect information on our phone number and email address, and 90% collect data on our name. This type of data collection is necessary to maintain the security of app accounts as a user’s contact details and name are used to identify them as the owner of an account when logging in.  

Nearly all the platforms, 90%, also store information on users’ cookies. Cookies store useful information, such as login credentials, which means account holders don’t have to manually log into an app every time they use it. However, cookies do track information about how a person uses sites which means that the majority of platforms and apps that people use daily have an in-depth insight into our online lives, and what we do on our devices. 

Privacy concerns are exacerbated further when you consider that 100% of all researched apps share data with third parties. This poses a security risk as your data could be compromised by hackers via multiple access points, but also raises the question: who has access to your data, and how much of it is available?

How Using Apps Puts Your Friends and Family At Risk

mobile phone security

Our research revealed that 70% of apps store our profile images while a further 40% of apps and platforms gather data on users’ personal interests and recordings from voice-enabled features. This suggests that many of our favourite apps have a clear picture of what we look like, sound like and what we are interested in. The risk this poses to our identities is a privacy concern in and of itself, but how this information could be used to target our friends and families is even more frightening. 

Nearly all the apps analysed (80%), have access to our contacts lists. If cybercriminals have enough information on who we are and who we talk to they could easily impersonate us to friends and family using phishing techniques to carry out various cybercrimes. For example, luring vulnerable connections into providing them with money and personal information or convincing people to follow a link that will encrypt their device. 

To reduce the possibility of your connections falling prey to an attack you should contact them as soon as you know your account has been compromised and ensure they know what you would, and wouldn’t ask of them, via app communication. 

The following table shows the percentage of the apps that store information identifying what users look like, sound like and are interested in as well as data on user’s contacts: 

CategoryData collection pointsPercentage of apps that collect data on this metric
ContactsFriends/ Contact list80%
Personal Profile Photo70%
AppVoice-enabled features40%
PersonalPersonal Interests40%

Your App Use Could Put You At Risk Of Being Manipulated In Everyday Life

mobile phone

80% of popular apps know the duration and frequency of our screen time, 50% know what we are doing on our devices, a further 70% also store data on the ads that we see and how we interact with them, and 60% store data on our purchases and transactions. 

This means apps have an extensive insight into what we do with our screen time, the actions we take off the back of the content we consume and what incentivises us to take action. With this level of understanding on how we are influenced to make decisions, apps or the third parties they share data with could easily manipulate us and the choices we make. 

Cambridge Analytica is a prime example of a third party that utilised user data from a popular social media app for questionable and highly manipulative purposes. The British political consulting firm scraped over 87 million Facebook accounts and targeted users with tailored advertisements to encourage them to vote in favour of Brexit. 

If you are concerned about your information being shared with third parties you have the right to ask apps to remove information or restrict certain processing of their data under GDPR and other relevant data protection laws.

The following table shows the percentage of apps that collect data on user’s app activity, online activity, and device information: 

CategoryData collection pointsPercentage of apps that collect data on this metric
AppDuration and frequency of your activity80%
AppThe ads you see and how you interact with them70%
AppViews/ Interactions with a page70%
Online ActivityPurchases or transactions you make60%
DeviceWhat you’re doing on your device50%

How Social, Communication And Entertainment Apps Could Put Your Conversations And Private Content At Risk 

most hacked cities

Our research also found that 60% of apps and platforms store data on the content we create, and 50% have access to photos and videos from our camera roll. While the collection of this data is necessary to allow us to post content and engage with an app, this means that popular apps and any third parties they share data with have access to your personal library. 

We tend to believe the files and images stored on our devices are private and available only to us, so often we feel comfortable storing content of a private and personal nature. If sensitive images and videos are obtained by unwanted parties,  you could be blackmailed or face legal consequences depending on the content. For example, if a hacker retrieves indecent photos of someone they would have the leverage to bribe you for monetary gain. 

60% of apps also store data on our conversations meaning that messages are at risk of being stolen. To protect your messages, and ensure they remain private, you should investigate the options available within the apps. For example, Messenger has an option to turn on ‘secret conversations’ which allows messages to self-destruct after time however this feature is not obvious so you may have been unaware of its benefits.  

The following table shows the percentage of apps that collect data on their user’s app use and files: 

CategoryData collection pointsPercentage of apps that collect data on this metric
AppMessages you send or receive80%
AppChat application data60%
AppContent you create60%
FilesPhotos and videos from your device50%

Where Are Your Favourite Apps Most Vulnerable to Cybercrime?

To gain a deeper insight into the cities your apps are most at risk of being hacked, we filtered search terms relevant to each app being hacked (e.g. ‘Instagram hacked’) across OECD capitals. The search terms were gathered in both English and the relevant countries’ languages. We then totalled  all the different results of each app’s search term to reveal the cities which are ‘hacker’s hotspots.’ 

The following table shows the cities most targeted by hackers based on the average monthly search volume for relevant ‘hacking’ terms: 

RankCountryCapitalTotal Search Volume for the keywords ‘[app name] hacked’ in both English and respective language
1United KingdomLondon4260
2MexicoMexico City2540
3FranceParis2190
4ColombiaBogotá2060
5South KoreaSeoul1550
6GermanyBerlin1400
7TurkeyAnkara1370
8ChileSantiago1180
9The NetherlandsAmsterdam1180
10AustriaVienna1130

London Is Where Your Data Is Most Likely To Be Compromised

The city with the highest search volume for relevant hacking queries – such as ‘WhatsApp hacked’ or ‘Twitter hacked’ – is London. In this capital 4,260 searches are made on average per month around hacking attempts on popular apps. With a population of over eight million and therefore a vast amount of data to mine, it’s unsurprising that London is an attractive hotspot for hackers. 

The second most hacked location is Mexico City where an average total of 2,540 monthly searches are made for terms relevant to popular apps being hacked. Mexico’s current criminal code has a vague description of punishment for hackers, offering just two definitions of the term which relate mainly to accessing secure systems and not to stealing someone else’s data. This could mean that hackers feel that the city is an easy target due to the lack of regulation surrounding the crimes they are carrying out.

Even though France has invested heavily in ensuring cybercrimes results in punishment – including a fine of €30,000 for cyber criminals – Paris ranks as the third most hacked city. However, as French defence minister Florence Parly says;

“If there is indeed a space where malevolence never sleeps, not even with one eye, a space where each of us can become the target, the vector, or even the amplifier of its threat, it is indeed the cyber-space.”

This was declared in March 2021 when France signed an agreement with the Public Interest Grouping Action Against Cybermalveillance.

How To Protect Your Privacy And Data When Using Apps And Platforms Online 

Our research shows that the world’s most popular apps and platforms are hacked on a huge scale, and the amount of personal data that is put at risk as a consequence of this is immense. Whilst we rely upon new apps to assist us in our lives and connect us with others, we should be mindful of the information we are giving to these platforms and not share anything that we want to remain private and confidential.

If you want to make use of the many apps that are available, but are concerned about the risk of being hacked and your data being compromised, our VPN expert Lasse Walstad recommends:

Be vigilant and protect your account

When using online apps and platforms it is crucial that you stay-up-to date with your account activity. If your password suddenly changes, you’re locked out of your account, or unusual activity occurs such as people you don’t follow begin to flood your feed, you should immediately take steps to protect your account such as changing your password and contacting the platform support team.

Even if you are not yet convinced your account has been hacked it is essential that you take action before a cybercriminal can and make it as difficult as possible for them to gain access. Make sure you choose strong passwords that contain a mixture of numbers and letters, only accept friend or follow requests from people you know, and only click on links from websites you recognise. All of these steps will make it harder for your account to get hacked and ensure that you remain the only person with access. 

Using two-factor authentication

If a hacker does retrieve your login information, two-factor authentication (2FA) can still prevent them from accessing your account. When you use 2FA you are required to provide your username, password, and an additional verification (usually a one-time code generated on your smartphone) to gain access to your account. This helps keep your account safe even in the event of a breach as the hacker will not have access to all of these systems. 

Limit the amount of information you give apps

The easiest way to reduce your vulnerability online is to reduce the amount of information you provide apps and platforms with. Upon registering for an account only give them access to the information they need, and make sure you read the full terms and conditions before using the app, so you can understand how much of your information could be at risk.

Installing a VPN

Installing a VPN will mean that your whole network, along with your devices that connect to your internet, will be protected. The VPN will conceal your device’s IP addresses, and encrypt your data, allowing you to use your devices safely and anonymously. 

Sources and Methodology 

Based on the apps that were most downloaded in 2021 we found the most popular apps across the following categories; social, communication, and entertainment. 

Using this we then used Google search trends over the last 12 months (July 2021-July 2022) we were able to reveal the apps which are most hacked. We searched different terms such as ‘Instagram hacked’ and ‘Instagram account hacked.’ Please note the term “*app* hacked” generated better results, so we used this to determine the 10 most hacked apps.

The apps that had the highest average monthly search volume were deemed the 10 most hacked apps around the world. We then filtered these by OECD capitals, using both the search term in English and their respective language to determine the cities which are most hacked. 

The total search terms for each app, in each city, were then added together for both the English terms and translated terms to give us the most hacked cities around the world. 

Based on the 10 most hacked apps we read the privacy policies to reveal the apps which store the most data on their users and the most commonly collected data points across the most popular apps. 

  • businessofapps.com/data/most-popular-apps/
  • ads.google.com/aw/keywordplanner/
  • facebook.com/privacy/policy
  • privacycenter.instagram.com/policy/
  • whatsapp.com/legal/privacy-policy/
  • snap.com/en-GB/privacy/privacy-policy
  • twitch.tv/p/en/legal/privacy-notice
  • help.netflix.com/legal/privacy
  • policies.google.com/privacy?hl=en-GB
  • telegram.org/privacy
  • twitter.com/en/privacy
  • rfi.fr/en/france/20210305-cyber-attacks-quadrupled-in-france-in-the-space-of-a-year-security-military-defence 
  • statista.com/statistics/264810/number-of-monthly-active-facebook-users-worldwide/
  • www.techjury.net/blog/how-many-cyber-attacks-per-day/#gref/ 
  • www.statista.com/statistics/586725/frequency-of-cyber-security-breaches-experience-by-businesses-in-the-uk/ 
  • https://www.socialmediatoday.com/news/youtube-generated-288-billion-in-ad-revenue-in-2021-fueling-the-creator/618208/ 
  • https://www.zerofox.com/blog/often-social-media-accounts-hacked/ 
  • https://mashable.com/article/facebook-messenger-testing-end-to-end-encryption-security