26 billion leaked data found in an online database
Security researchers have warned that a database containing no less than 26 billion leaked data has been discovered. The supermassive data leak, or the mother of all breaches as researchers refer to it, is likely to be the largest found to date.
01/23 updates below. This article was originally published on January 22.
Here’s what you need to know
According to researchers from Security Discovery and CyberNews, the newly discovered database of leaked data is 12 terabytes in size and deserves the title MOAB.
The research team believes that the database of 26 billion records found in an open storage instance was likely compiled by a malicious actor or data broker. “Threat actors can use the collected data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyber attacks and unauthorized access to personal and sensitive accounts,” they say.
In addition to data from Chinese messaging giant Tencent and social network Weibo, data from users of platforms and services such as Twitter, Dropbox, LinkedIn, Adobe, Canva and Telegram are also found in this database. Worryingly, the researchers also say data can be found from a variety of US and other government organizations.
If there’s any good news to be found in such a discovery, it’s that little of this appears to be new data. Instead, researchers say, it’s more a case of data compiled from thousands of previous breaches and data leaks. Additionally, there is obviously a large amount of duplicate data in this review. However, the inclusion of usernames and password combinations means that this is a cause for concern. I would expect an increase, if current levels are not high enough, in credential stuffing attacks over the next few weeks as a result.
Here’s what you should do
“We should never underestimate what cybercriminals can accomplish with such limited information,” says Jake Moore, global cybersecurity advisor at ESET. “Victims should be aware of the consequences of stolen passwords and make the necessary security updates in response,” Moore continues, “this includes changing their passwords, being alert to phishing emails after a breach, and ensuring all accounts, whether affected or not, are equipped with two-factor authentication.”
01/23 Update: I’ve reached out to LinkedIn, Dropbox and Twitter/X for statements. Dropbox is currently handling my request, Twitter/X sent a reply saying it was busy, but at least I didn’t get a poo emoji. A LinkedIn spokesperson told me: “We are working to fully investigate these allegations and have seen no evidence that LinkedIn’s systems have been breached. You can find more information on how we keep members safe from hacking here. Meanwhile, some security experts have now commented on the implications of this database being out there.
Adam Pilton, cyber security consultant at CyberSmart: “This is a huge amount of data. In the physical world, 12 terabytes is equivalent to 15,600 filing cabinets. Individuals who believe they have been affected should change their passwords. However, all we must assume that some of our data is held in this data set, as such we must take action to protect ourselves, also enabling two-factor authentication is an important step to protect ourselves from attacks that include compromised credentials.
Josh Hickling, principal consultant at Pentest People: “I would expect that over the next few days people will be targeted with phishing emails using this breach to somehow mask their agenda. This will likely come in the form of forcing users to divulge credentials to other apps/sites instilling fear that their credentials have been exposed in this breach when they most likely haven’t. It’s certainly a time to stay alert for signs of compromise and opportunistic email threats.”
Richard Bird, chief security officer of Traceable AI: “Maybe it finally takes something like a MOAB to get the US Government and the companies operating within its borders to wake the hell up. We live in a nation with no national data privacy laws, no incentives for companies to be protective of the data entrusted to them, and no barriers that seem to work. A list like this will only create more victims who will have to settle the damages done to them on their own, with no consequences for the companies that provided that data in the first place.”
Although the data from this latest breach and leak summary discovery has not yet been entered, you can use this free leak checker tool at CyberNews. This will reveal previous instances where your email address has been leaked, including some of the services from the MOAB database. You can also use the free Have I Been Pwned service.
Above all, though, don’t panic. If you maintain good credential hygiene, using strong and unique passwords that aren’t reused elsewhere, and two-factor authentication where available, you should be safe. If you don’t, now is a good time to start.
