We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

26 Billion Records Exposed in Mother of All Breaches

26 Billion Records Exposed in Mother of All Breaches
Author Image Hendrik Human
Hendrik Human Published on 28th January 2024 Cybersecurity Researcher

On January 22, 2024, Bob Dyachenko, owner of SecurityDiscovery.com, along with researchers from Cybernews, announced they had discovered a massive leak containing 26 billion records. The data consists of sensitive user information from popular sites like Twitter, Weibo, Tencent, LinkedIn, Dropbox, and more, and it’s widely believed to be the largest known data breach to date.

According to the Cybernews team, the majority of the data comes from previous leaks, appearing to be a compilation of multiple breaches rather than a single incident. The researchers also stated that they discovered this sensitive data on an open instance, and that the owner is unlikely to be identified.

What was dubbed The Mother of All Breaches (MOAB) encompasses a staggering 26 billion records distributed across 3,800 folders. Each folder corresponds to a unique data breach incident, and the vast collection of records amounts to over 12 terabytes of data.

While some records are inevitably duplicates, much of it is unique. The largest amount of data exposed appears to be from Tencent QQ, with 1.4 billion records leaked, followed by Weibo with 504 million, and MySpace with 360 million. Other significantly affected platforms include Twitter with 281 million records, and LinkedIn with 251 million.

The breach also encompasses data from several government entities across countries like the United States, Brazil, Germany, the Philippines, and Turkey.

The investigating team is concerned about a wave of cyberattacks, given the sheer scale of the breach. Hackers or opportunists could use the information in spear phishing, credential stuffing, and brute force attacks. Internet users who reuse their passwords on multiple sites are particularly vulnerable.

As the researchers explain, “The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts.”

This MOAB overshadows recent data breaches, including a December 2023 estate wealth network leak that exposed 1.5 billion user records. Potential victims can use tools like Cybernews’ data leak checker to see if their credentials have been compromised.

About the Author

Hendrik is a writer at vpnMentor, specializing in VPN comparisons and user guides. With 5+ years of experience as a tech and cybersecurity writer, plus a background in corporate IT, he brings a variety of perspectives to test VPN services and analyze how they address the needs of different users.