Home Consumer “The Mother Of All Breaches”: 26 Billion Records Found Online

“The Mother Of All Breaches”: 26 Billion Records Found Online

https://www.freepik.com/free-photo/hacked-system-dark-background-3d-illustration_32697234.htm#page=2&query=data%20breach&position=19&from_view=search&track=ais&uuid=6a272615-1892-4f3a-93d7-915da0d3c815

By Davey Winder

Security researchers have warned that a database containing no less than 26 billion leaked data records has been discovered. The supermassive data leak, or mother of all breaches as the researchers refer to it, is likely the biggest found to date.

Here’s What You Need To Know

According to researchers from Security Discovery and CyberNews, the newly discovered database of leaked data runs to 12 terabytes in size and deserves the MOAB title.

The research team thinks that the 26 billion record database, found on an open storage instance, will likely have been compiled by a malicious actor or data broker. “Threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts,” they say.

As well as data from Chinese messaging giant Tencent and social media outfit Weibo, records from users of platforms and services such as Twitter, Dropbox, LinkedIn, Adobe, Canva and Telegram is also to be found in this database. Worryingly, the researchers also say that records from an assortment of U.S. and other government organizations can be found.

If there is good news to be found in such a discovery, it is that little of this appears to be new data. Instead, the researchers say, it’s more a case of compiled records from thousands of previous breaches and data leaks.

What’s more, there are undoubtedly a large number of duplicate data records within this compilation. The inclusion of usernames and password combinations does, however, still mean this is a cause for concern. I’d expect a surge, if current levels aren’t high enough, in credential stuffing attacks over the coming weeks as a result.

“We should never underestimate what cybercriminals can achieve with such limited information,” Jake Moore, global cybersecurity advisor at ESET, says. “Victims need to be aware of the consequences of stolen passwords and make the necessary security updates in response,” Moore continues, “this includes changing their passwords, being alert to phishing emails following the breach, and ensuring all accounts, whether affected or not, are equipped with two-factor authentication.”

update: I have reached out to LinkedIn, Dropbox and Twitter/X for statements. Dropbox is dealing with my inquiry currently, Twitter/X sent a reply saying it was busy, but at least I didn’t get a poo emoji. A LinkedIn spokesperson told me: “We are working to fully investigate these claims and we have seen no evidence that LinkedIn’s systems were breached. You can find more information on how we keep members safe from scraping here. Meanwhile, several security experts have now commented on the implications of this database being out there.

Continue reading