Approximately 26 billion records have been leaked in what has been dubbed the ‘Mother of all Breaches’ (MOAB).
This mammoth breach is considered one of the largest ever discovered and includes data from major platforms.
What websites were affected?
A closer examination of the data reveals a massive compilation of various breaches. The largest chunk, 1.4 billion records, originates from Tencent QQ, a Chinese instant messaging app. Other major platforms affected include Weibo (504 million), MySpace (360 million), Twitter (281 million), LinkedIn (251 million), and numerous others, spanning a range of industries.
Other websites affected are: WattPad, Deezer, Zing, Adobe, Canva, and Badoo.
Notably, records from various government organisations in the US, Brazil, Germany, the Philippines, Türkiye, and other countries are also part of the leaked dataset.
The MOAB was unearthed by cybersecurity researcher Bob Dyachenko and the Cybernews team.
According to the Cybernews team, it is a compilation of records meticulously gathered from thousands of leaks, breaches, and privately sold databases. The vast dataset, containing primarily information from past breaches, is suspected to hold new, previously unpublished data.
While the MOAB consists mostly of historical data, researchers emphasise the likelihood of the inclusion of new and unreleased information. With 26 billion records distributed across 3,800 folders, each corresponding to a separate data breach, the volume suggests a substantial probability of never-seen-before data.
How can I check if my data was leaked?
Users concerned about the security of their data can utilise the Cybernews data leak checker to determine if they have been affected. The tool is continuously updated to help users identify any exposure in the 'Mother of all Breaches'.
How to be safer online
The potential consumer impact of the MOAB is unprecedented. As users often reuse usernames and passwords, malicious actors could launch widespread credential-stuffing attacks. The researchers caution users to remain vigilant, emphasising the importance of cyber hygiene, strong passwords, multi-factor authentication, and awareness of phishing attempts.
To enhance your online safety, consider taking the following steps:
Change the passwords for all of your accounts associated with the leaked email addresses.
Utilise a reliable password manager to generate strong passwords and protect your accounts.
Why should I be concerned?
Experts express concern about the intentions behind the MOAB, suggesting the party behind the leak could be a malicious actor, a data broker, or a service dealing with vast amounts of data.
The dataset's enormity poses a severe threat, with potential applications in identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorised access to personal and sensitive accounts.
Although the MOAB does not solely comprise newly stolen data, researchers believe it is the most extensive compilation of multiple breaches (COMB) to date. While duplicates are expected within the 26 billion records, the leaked data includes more than just credentials, with a substantial amount of sensitive information valuable to malicious actors.
How does this Cybernews data leak checker tool work?
The checker operates using a substantial 500 GB database of leaked hashed emails. To verify whether your email address has been compromised, enter the email address into the search field (please note that we don't collect or store email addresses).
Click on "Check Now" when it prompts you to do so.
View the search results directly on the same page.
How can hackers get your email password or other details?
Hackers and malicious entities can obtain your email password or other details through various means, including stealing your email address, password, credit card number, and additional data from companies that have stored this information and purchasing your data on darknet marketplaces.
They can also directly steal the data from you, for example, as part of a larger-scale hack.
What could happen if your data is leaked?
Even with a relatively small amount of leaked data, malicious actors can cause significant harm, such as:
Stealing your other credentials.
Attempting to use the data for phishing attacks or spam.
In severe cases, stealing your identity.
Damaging your finances or reputation.