A massive data leak containing 12 terabytes of information and over 26 billion data points of exposed records has been discovered by Bob Dyachenko, a cybersecurity researcher and owner at SecurityDiscovery.com, and the Cybernews team.
This supermassive Mother of all Breaches (MOAB), a compilation of multiple breaches (COMB), is speculated to be the largest discovered so far. The leaked dataset contains mainly information from past data breaches and new data that has not been published before. It comprises over 3,800 folders, each corresponding to a separate data breach. It is speculated that the owner of the MOAB may have been storing these data as a malicious actor, data broker, or some service that works with large amounts of data.
'The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorised access to personal and sensitive accounts,' shared the researcher.
Cybernews shared that their investigation found that nearly 1.4 billion records come from Tencent QQ. Additionally millions of records were found from Weibo (504M), MySpace (360M), Twitter (281M), Deezer (258M), Linkedin (251M), AdultFriendFinder (220M), Adobe (153M), Canva (143M), VK (101M), Daily Motion (86M), Dropbox (69M), Telegram (41M), and many other companies. Leaked records of government organisations from the US, Brazil, Germany, Philippines, Turkiye, etc were also found.
Why is it relevant?
This leak is probably the most extensive COMB and has been unseen before. For instance, Cybernews shared that in 2021, a COMB that contained 3.2 billion records was only 12% of this MOAB.
The impact of this attack on consumers could be huge, mainly since, apart from credentials, even sensitive data was found. As many people reuse usernames and passwords, they could be exploited by malicious actors.
It is essential that users stay alert and adopt cyber hygiene, such as using strong passwords, enabling multi-factor authentication, setting up new protection for accounts that share the same passwords, etc.