A team of cyber security researchers have discovered possibly the largest data leak in history, with over 26 billion records. The Mother of All Breaches (or MOAB), as it’s aptly known, is a collection of records from thousands of other leaks and breaches stored on an open instance.
The dataset has 12 terabytes of information organised into 3,800 folders (one for each data breach). The supermassive MOAB does not appear to be made up of newly stolen data only and is most likely the largest compilation of multiple breaches (COMB).
While much of the data has previously been leaked, the sheer scale of the MOAB means it almost certainly contains new information.
The MOAB was discovered by Bob Dyachenko, a cyber security researcher and owner at SecurityDiscovery.com, alongside a team from Cybernews. They say that the owner of the MOAB is unlikely to ever be identified.
The leaked information is not just credentials, most of the data is highly sensitive, making it much more dangerous, and much more valuable for bad actors. The impact of such a vast amount of data being made available in one place could be huge and unprecedented.
The breach could trigger a surge in credential-stuffing attacks, potentially targeting companies not directly mentioned in the breach, as cybercriminals attempt to exploit users who reuse their leaked credentials across multiple platforms.
The company with the largest number of records in the breach is Tencent, a Chinese messaging app. 1.4 billion of their records have been included, almost 1 billion more than the 504 million records from Chinese social media platform Weibo, which had the second-largest number of records leaked.
Some of the other big casualties in the breach include: MySpace (360m records), Twitter (281m), Deezer (258m), LinkedIn (251m), Adobe (153m), Russian social media site VK (101m), DropBox (69m) and Telegram (41m).
Additionally, government organisations in the US, Brazil, Germany, the Philippines, Turkey, and other countries are among the victims of this historic breach.
You can check the full list of affected websites on the Cybernews website here. You won’t be able to see if your individual records have been leaked, but if you have an account with any of the sites mentioned, it is a good idea to update your credentials to be safe.
How can I protect myself?
Until you can check whether your accounts have been compromised, users are strongly advised to stay vigilant and take care of their cyber hygiene.
Everyone should use strong, complex passwords, enable multi-factor authentication where possible, stay alert for phishing attempts, check for password duplicates, and promptly secure accounts that share identical passwords. The MOAB serves as a stark reminder of the urgency to prioritise and implement robust cyber security measures in an era of escalating cyber threats.