data
26 Billion Data Stolen in What Experts Call 'Mother of All Data Breaches
The leak contains user data from LinkedIn, Twitter, Weibo, Tencent and other platforms, it is almost certainly the largest ever discovered.
Bob Dyachenko, cybersecurity researcher and owner of SecurityDiscovery.com, and the Cybernews team discovered a theft of millions of pieces of data that the industry has already dubbed the"Mother of All Breaches" (MOAB).
These leaks include records of thousands of breaches and privately sold databases meticulously compiled and reindexed, according to researchers and specialized media.
According to experts, while the leaked dataset primarily contains information from past data breaches, it almost certainly contains new data that was not released before, including information from more than 2,500 data breaches with 15 billion records.
... includes information from
more than 2,500 leaks
never seen before, according to
according to
researchers.
The so-called MOAB contains 26 billion records in 3800 folders, with each folder corresponding to a separate data breach. While this does not mean that the difference between the two automatically translates into unpublished data, billions of new records point to a very high probability that the MOAB contains never-before-seen information, according to the researchers.
Experts believe that the owner of the MOAB has a vested interest in storing large amounts of data and, therefore, could be a malicious actor, a data broker or some service that works with large amounts of data.
"The dataset is extremely dangerous asthreat actors could leverage the aggregated data for a wide range of attacks, including identitytheft , sophisticated phishing schemes, targeted cyberattacks and unauthorized access to personal and confidential accounts," the experts said.
The supermassive MOAB, according to the researchers, does not appear to be composed solely of newly stolen data and is likely the largest collection of multiple leaks.
While the team of experts identified more than 26 billion records, it is also very likely that there are duplicates, but such data does contain much more information than just credentials; most of the exposed data is confidential and therefore valuable to malicious individuals.
Allegedly, the largest number of registrations, 1.4 billion, came from Tencent QQ, a Chinese instant messaging application. It is followed by:
-
Weibo, 504 million
-
MySpace, 360 million
-
Twitter, 281 million
-
Deezer, 258 million
-
Linkedin, 251 million
-
AdultFriendFinder, 220 million
-
Adobe, 153 million
-
Canva, 143 million
-
VK, 101 million
-
Daily Motion, 86 million
-
Dropbox, 69 million
-
Telegram, 41 million
-
And many other companies and organizations
The leak also includes records from several government organizations in the United States, Brazil, Germany, the Philippines, Turkey and other countries.
According to the team of experts, the impact of the super-massive MOAB on consumers could be unprecedented as many people reuse usernames and passwords, so malicious individuals could embark on a tsunami of credential stuffing attacks.
"If users use the same passwords for their Netflix account as for their Gmail account, attackers can use this to target other, more sensitive accounts. Apart from that, users whose data has been included in supermassive MOAB can become victims of phishing attacks or receive high levels of unwanted emails," experts said.
At Anida Latam we are committed to offer, create and devise cybersecurity strategies for our customers and prospects that allow them to have technology, tools, implementation services and managed services through our Security Operations Center (SOC). Learn more here
Source: Forbes Magazine
