Mother of all breaches details
- The leak was discovered by researchers from Security Discovery and Cybernews. As already mentioned, it consists of 12TB of data. It has been named the “Mother Of All Breaches” or MOAB. As per Forbes, this is likely “the biggest found to date”.
- There are 26 billion records from various companies and various leaks over time filed in over 3,800 folders. Each of these folders consists of different data breaches.
- The data comes from companies such as X (Twitter; 281M), LinkedIn (251M), Telegram (41M), Adobe (153M), Canva (143M), Deezer (258M), Dropbox (69M), AdultFriendFinder (220M), Dailymotion (86M), MySpace (360M), VK (101M), Tencent, and Weibo (504M). Tencent QQ, with 1.4 billion records, is the most affected.
- Even data from government institutions based in the US, Germany, the Philippines, Brazil, and Turkey is part of the leak.
- However, as we said before, the records do not all come from a single leak. After comparing the compilation against the data they already have, the researchers found that it consists of data from several past leaks plus some new, never-published-before data. The latter is concerning.
- Bad actors could use this leaked compilation for cyber attacks like phishing, hacking, and identity theft.
Jake Moore, cybersecurity advisor at ESET, says, “We should never underestimate what cybercriminals can achieve with such limited information. Victims need to be aware of the consequences of stolen passwords and make the necessary security updates in response.”
How to check if your data has leaked
- Cybernews itself has a tool called “Personal Data Leak Check”. You can enter your email ID or mobile number to see if it has been affected by this leak. You can also check data leaks in your region. For instance, per the site, in India, 236,358 accounts have been leaked. It tells you the affected platforms sorted by both recency and size.
- Alternatively, you can also go to https://haveibeenpwned.com/ and see if your email ID has been in a leak.
- As a general practice, use strong passwords, use password managers, enable two-factor authentication, and be cautious of sketchy emails and messages.