One of the largest data breaches to date could compromise billions of accounts worldwide, raising concerns about widespread cybercrime.
Dubbed the “Mother of all breaches,” the massive leak revealed 26 billion records (including popular sites such as LinkedIn, Snapchat, Venmo, Adobe and X, formerly Twitter) in what experts are calling the largest leak in history.
What does this leak include?
According to experts, the compromised data includes more than just login credentials. Much of it is “sensitive,” making it “valuable to malicious actors,” according to Cybernews, which first discovered the breach on an unsecured website.
“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyber attacks and unauthorized access to personal and confidential accounts,” said researchers, including cybersecurity expert Bob. Dyachenko and the Cybernews team, they explained.
Cybernews’ head of security research, Mantas Sasnauskas, told the Daily Mail that “probably most of the population has been affected.”
Massive cyber theft
The only glimmer of hope, however, is that the 12 terabytes of data, which appears to be a meticulous compilation of many (COMB) breaches, does not contain anything “newly stolen.”
Cybernews said it “discovered billions of records exposed in an open instance,” meaning it was open for anyone to see.
While the owner will likely never be identified, the team hypothesized that it could be a data broker, a malicious cybercriminal, or someone with access to large amounts of data.
Exposed data
The largest amount of exposed data came from Chinese instant messaging platform Tencent, with 1.4 billion compromised records. Weibo followed with 504 million leaked records, MySpace with 360 million, Twitter with 281 million, streaming music platform Deezer with 258 million and LinkedIn with 251 million.
Other top sites include Adobe, Telegram and Dropbox, as well as lesser-known sites such as Doordash, Canva and Snapchat and several government organizations around the world, including those in the United States.
Cybernews has compiled an online searchable list where users can search for potentially compromised sites.
Users can also search for email addresses and phone numbers using Cybernews’ personal data leak checker.
The scale of the breach’s impact is likely to be unprecedented, according to Cybernews, and the sheer volume of compromised data makes past leaks seem minuscule in comparison.
In November, the media outlet reported on a COMB that revealed 3.2 billion records, which was deemed the “largest breach of all time” when it was discovered.
Another way to be exposed.
“If users use the same passwords for their Netflix account as they do for their Gmail account, attackers can use this to pivot to other, more sensitive accounts,” they explained.
“Aside from that, users whose data has been included in supermassive MOAB can become victims of phishing attacks or receive high levels of unwanted emails.”
Experts have long advised against reusing the same easy-to-guess passwords for multiple accounts, while recommending the use of a password manager to create and store secure logins.
“We should never underestimate what cybercriminals can accomplish with such limited information,” Jake Moore, Eset’s global cybersecurity advisor, told Computer Weekly.
Changing passwords
He urged people to change their passwords as soon as possible, stay vigilant against phishing emails and enable two-factor authentication for all accounts, regardless of whether they were affected by the latest breach.
“Many systems share platforms and are aggressively targeted with the latest attacks,” he continued. “Many networks rely heavily on updates, but when a vulnerability is located, it’s a race against time to fix the problem before data is compromised.”