26 Billion Records Exposed in Mother of All Breaches
On January 22, 2024, Bob Dyachenko, owner of SecurityDiscovery.com, along with researchers from Cybernews, announced they had discovered a massive leak containing 26 billion records. The data consists of sensitive user information from popular sites like Twitter, Weibo, Tencent, LinkedIn, Dropbox, and more, and it’s widely believed to be the largest known data breach to date.
According to the Cybernews team, the majority of the data comes from previous leaks, appearing to be a compilation of multiple breaches rather than a single incident. The researchers also stated that they discovered this sensitive data on an open instance, and that the owner is unlikely to be identified.
What was dubbed The Mother of All Breaches (MOAB) encompasses a staggering 26 billion records distributed across 3,800 folders. Each folder corresponds to a unique data breach incident, and the vast collection of records amounts to over 12 terabytes of data.
While some records are inevitably duplicates, much of it is unique. The largest amount of data exposed appears to be from Tencent QQ, with 1.4 billion records leaked, followed by Weibo with 504 million, and MySpace with 360 million. Other significantly affected platforms include Twitter with 281 million records, and LinkedIn with 251 million.
The breach also encompasses data from several government entities across countries like the United States, Brazil, Germany, the Philippines, and Turkey.
The investigating team is concerned about a wave of cyberattacks, given the sheer scale of the breach. Hackers or opportunists could use the information in spear phishing, credential stuffing, and brute force attacks. Internet users who reuse their passwords on multiple sites are particularly vulnerable.
As the researchers explain, “The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts.”
This MOAB overshadows recent data breaches, including a December 2023 estate wealth network leak that exposed 1.5 billion user records. Potential victims can use tools like Cybernews’ data leak checker to see if their credentials have been compromised.