Massive leak exposes 26 billion records in mother of all breaches

midian182

What just happened? Researchers have discovered a database composed of stolen user credentials and personally identifiable information (PII) so large that it's been dubbed the mother of all breaches (MOAB). The dataset contains no fewer than 26 billion records, making up 12TB of data from sites including Twitter/X, LinkedIn, Weibo, Tencent, and more.

Cybersecurity researcher Bob Diachenko, who has uncovered many big data leaks over the years, and the CyberNews team discovered the exposed records.

As is the case with similar databases, most of the data in MOAB has been gathered together from previous leaks over the years. But the sheer number of records it contains suggests there will be new information that has never before appeared online.

The database, containing 26 billion records across 3,800 folders, each corresponding to a separate data breach, is likely the largest-ever compilation of multiple breaches.

The largest number of records, 1.5 billion, come from Tencent, followed by Weibo (504 million), MySpace (360 million), and Twitter/X (281 million). The inclusion of social media pioneer MySpace highlights how old some of these records are, but then plenty of people keep reusing the same email and password combo, enabling hackers to use credential stuffing attacks. There are also 86 million records from Dailymotion, 69 million from Dropbox, and 41 million from Telegram.

"Threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts," the researchers write.

The database also contains records from various government organizations, including those from the US, which is a concern.

While MOAB is thought to be the biggest of its kind ever discovered, there are always duplicate records in these datasets, and it's worth reiterating that the vast majority of the records come from older leaks. Nevertheless, don't be surprised if instances of attempted and successful account hacks increase over the next few weeks.

News of the database comes just a week after Troy Hunt, operator of Have I Been Pwned, uncovered a data dump containing 71 million unique credentials and 25 million never-before-seen passwords. It's possible that some of these records also appear in MOAB.


 
Only listed company on that list that I used at one point was LinkedIn. A handful of years ago I officially closed my account and according to LinkedIn, 30 days after an account closure your data is erased. So, hopefully that is the case and all my data has been purged from their system per their guidelines and regulations.

MySpace, is that still a thing?
 
Even if you do not have an account or service listed, please check anyway! I just checked and my data WAS breached with a company I have never heard of or used! Katapult. Turns out they are a shopping site which is affiliated with other shopping sites such as Walmart and Amazon. Not sure if my info was sold TO Katapult or if they got it from Walmart or Amazon. Either way, I changed my Gmail account password, as well as my Walmart and Amazon and then turned on two-step verification for good measure.
 
Only listed company on that list that I used at one point was LinkedIn. A handful of years ago I officially closed my account and according to LinkedIn, 30 days after an account closure your data is erased. So, hopefully that is the case and all my data has been purged from their system per their guidelines and regulations.

MySpace, is that still a thing?
I think you misunderstood. Most of these will be very old leaks that have been collected over the years. The only known LinkedIn hack was 5 May 2012 where 164 million email addresses and passwords were exposed. I imagine most of the number above is these.
 
Even if you do not have an account or service listed, please check anyway! I just checked and my data WAS breached with a company I have never heard of or used! Katapult. Turns out they are a shopping site which is affiliated with other shopping sites such as Walmart and Amazon. Not sure if my info was sold TO Katapult or if they got it from Walmart or Amazon. Either way, I changed my Gmail account password, as well as my Walmart and Amazon and then turned on two-step verification for good measure.
Katapult was hacked three years ago so I wouldn't immediately panic.
 
The good news for me is that I use none of those services...

It doesn't matter. If relatives, friends and coworkers use these services, you're exposed anyway. There's a big database (or network of databases) that just doesn't store information about anyone foolish enough to give away their privacy on social media, but whoever they might be affiliated with.
 