‘Mother of All Breaches’: Everything You Need to Know about 26B Records Data Leak

Users of popular services — including Twitter, Dropbox, LinkedIn, Adobe, Canva, and Telegram — have been shocked by the discovery this week of a “super beach” of 26 billion records of user info.

The breach, which has quickly become known as the “Mother of All Breaches” (MOAB), includes 12 terabytes of leaked user data from services.

Bob Dyachenko, a cybersecurity researcher at SecurityDiscovery.com, along with Cybernews.com researchers, discovered the records in open digital storage.

At this point, the owner of the storage is unknown but is thought to be a malicious actor or data broker who was compiling data from historic data breaches, leaks, and privately sold databases.

Key Takeaways

  • A breach known as the “Mother of All Breaches” (“MOAB”) has exposed a massive collection of 26 billion records of user information from popular services, including Twitter, Dropbox, LinkedIn, Adobe, Canva, and Telegram.
  • The breach, discovered by cybersecurity researchers, involves 12 terabytes of leaked user data.
  • The ‘MOAB’ poses a significant threat with the potential for cybercriminals to use the aggregated data for various attacks, including identity theft, phishing scams, and targeted cyberattacks.
  • Users are advised to check if their information has been leaked, update passwords, enable multi-factor authentication, and be vigilant against phishing emails.
  • Organizations are urged to implement comprehensive data protection strategies to mitigate the fallout from such breaches.

While the majority of the data was compiled from past breaches, the researchers point “to a very high probability” that it contains records that haven’t previously been published before.

The news comes the same week as Microsoft said that Russian-state sponsored hackers gained access to some of executive emails at the end of last year.

Advertisements

The scale of records is shocking, but how concerned should we be?

What’s the Aftermath of the Mother of All Data Breaches?

Although the scale of data compiled in one place presents a threat, the suggestion that most of the data isn’t newly leaked is promising. However, compiling it in one place creates the risk that cyber attackers will use the data dump as a key resource to fuel further cybercrime.

Sites involved in the leak include Tencent, with 1.5 billion records breached, Twitter, with 228 million records breached, LinkedIn, AdultFriendFinder, Zynga, Adobe, and Canva.

The ‘MOAB’ is said to contain over 3,800 folders — with each folder corresponding to a separate data breach.

With 26 billion records leaked, there is plenty of data that hackers can use — not just to conduct credential theft or credential stuffing attacks — but using the information to build social engineering scams and phishing emails.

Erfan Shadabi, cybersecurity expert at Comforte Data Security, told Techopedia:

“The potential consumer impact of the MOAB is unprecedented, with the researchers highlighting the risk of a tsunami of credential-stuffing attacks.

 

“This threat is particularly potent due to the widespread practice of username and password reuse. In light of this, organizations must recognize the urgency of implementing comprehensive data protection strategies to mitigate the fallout from such breaches.”

However, it is worth pointing out that if this is a compendium of previous breaches and database hacks, then we should be more concerned about how many breaches happen against major services rather than fear new private information is out there.

Still, everything in one place offers malicious actors more scope to carry out attacks on individuals.

The researchers at Cybernews.com said: “The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts.”

How Users Can Protect Themselves From the Mother of All Breaches

Users who are concerned their information may have been leaked can use free services such as Have I Been Pwned to check whether their online account information has been leaked as part of any other historical breaches.

If a service you use has been compromised, it’s a direct call to action to update your account with a unique, strong password and to enable multi-factor authentication to prevent anyone from trying to log in with stolen credentials. Using a password manager can help make it easier to manage passwords across a high number of accounts.

Users may also need to prepare for an uptick in phishing emails, which might use information harvested from these leaks to appear more convincing and trick users into clicking on links to fake websites or malicious attachments.

Spotting phishing emails can be challenging, but you can help yourself by only opening attachments and links from known senders and by ignoring emails that ask you to update account information, passwords, or subscriptions (if you think such an email is legitimate – you can visit the site manually in your browser to check).

From an enterprise perspective, it is always important to talk to your employees about online security. Having an Incident Response Plan is also a crucial playbook for any company.

In the long run, investing in phishing awareness training will also pay dividends to teach employees how to detect suspicious emails.

This will reduce the chance of them being tricked into disclosing sensitive information and passwords to threat actors.

The Bottom Line

Don’t panic. The Mother of all Breaches may be a significant threat, but if you are proactive about protecting your online accounts by changing your passwords and enabling MFA, you significantly decrease the chance of being hacked.

Using these basic measures and being prepared to ignore and report phishing emails will help ensure you stay safe online.

And if the ‘MOAB’ is largely a compilation rather than new data, then the information out there on individuals today may not be worse than it was last week — although there may be more malicious actors sniffing through the records.

Advertisements

Related Reading

Related Terms

Advertisements
Tim Keary

Since January 2017, Tim Keary has been a freelance technology writer and reporter, covering enterprise technology and information security.