News Hub

26 billion records leaked in ‘mother of all breaches’

Written by Tue 23 Jan 2024

26 billion records leaked in 'mother of all breaches'

An unprecedented 26 billion records have been leaked in what has been dubbed the ‘Mother Of All Breaches’.

Cybersecurity researcher Bob Dyachenko from SecurityDiscovery.com, in collaboration with the Cybernews team, uncovered the colossal data breach, which amalgamates data from various platforms like LinkedIn, Twitter, Weibo, Tencent, and others.

Researchers believe that the owner of the ‘Mother Of All Breaches’ has a vested interest in storing large amounts of data. They could be a malicious actor, data broker, or a service that works with large amounts of data.

“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorised access to personal and sensitive accounts,” said the researchers.

The Scope and Impact of the ‘Mother of All Breaches’

This breach, consisting of 12 terabytes of information across 26 billion records, is believed to be the largest ever discovered.

The ‘Mother Of All Breaches’ contains data over 3,800 folders, each corresponding to a separate breach. Researchers suggest that while much of the data is from past breaches, there is a high probability of previously unpublished information being included.

“While significant in size, the breach follow a pattern of malicious actors aggregating leaked credentials of several unrelated data breaches together into one database like COMB in 2021,” saidC hristian Scott, COO and CISO of Gotham Security, an Abacus Group Company.

The data primarily comes from past breaches, including substantial numbers from Tencent QQ (1.5B), Weibo (504m), MySpace (360m), Twitter/X (281m), Deezer (258m), Linkedin (251m), AdultFriendFinder (220m), Adobe (153m), Canva (143m), VK (101m), Dailymotion (86m), Dropbox (69m), Telegram (41m), among many others.

The leak also impacts various government organisations in the US, Brazil, Germany, the Philippines, Turkey, and other countries.

The compromised data poses significant threats, as it includes sensitive information valuable to malicious actors for identity theft, phishing schemes, targeted cyberattacks, and unauthorised account access.

“If users use the same passwords for their Netflix account as they do for their Gmail account, attackers can use this to pivot towards other, more sensitive accounts.

“Apart from that, users whose data has been included in supermassive ‘Mother of All Breaches’ may become victims of spear-phishing attacks or receive high levels of spam emails,” said the researchers from SecurityDiscovery.com and Cybernews.

Malicious actors are also able to leverage these breached credentials at scale to conduct credential-stuffing attacks against other services and company accounts in an attempt to gain access to additional systems via reused passwords.

“This information allows malicious actors to infer commonly used passwords by staff at an organisation to perform curated password spraying attacks,” added Christian Scott.

A LinkedIn spokesperson has responded to the breach, stating, ‘we are working to fully investigate these claims and we have seen no evidence that LinkedIn’s systems were breached’.

What are the Implications of the ‘Mother of All Breaches’

Companies impacted in this leak may risk significant and far-reaching consequences, including financial implications and potentially regulatory fines, as well as significant reputational damage.

“All businesses are trusted by their partners and customers to keep their data safe, and once that trust has been compromised, it’s incredibly difficult to win it back,” said Scott.

All members of the public and businesses should avoid reusing passwords. They should also mploy long passphrases, change compromised passwords, and implement multi-factor authentication (MFA) in as many places as possible.

Christian Scott advised companies without a robust corporate password management solution that automatically monitors for breaches and leaks can use HaveIBeenPwned’s free domain search tool, which has been a staple in the security research community.

“Organisations should not consider multi-factor authentication as a fool-proof strategy for preventing staff from being compromised,” added Scott.

Features such as impossible travel detection, device-based conditional access policies, and additional login context with reverse number matching on MFA push notifications within Microsoft Entra (Azure AD) and Intune should be considered.

“Staff should also consider their personal security posture to protect themselves and their families. Attacking individuals to get a foothold into a greater organisation is a standard technique employed by malicious actors,” added Scott.

The massive scale of this breach highlights the ever-present danger of data compromises and the importance of robust cybersecurity measures.

> Check if your data has been leaked

Join Cloud & Cyber Security Expo

6-7 March 2024, ExCeL London

Cloud & Cyber Security Expo is one of the largest IT security events in Europe.

Don’t miss the chance to build partnerships and discover solutions to protect your business.

Written by Tue 23 Jan 2024

Send us a correction Send us a news tip