One of the largest data breaches to date could compromise billions of accounts worldwide, prompting concerns of widespread cybercrime.
Dubbed the “Mother of All Breaches,” the massive leak revealed 26 billion records — including popular sites like LinkedIn, Snapchat, Venmo, Adobe and X, formerly Twitter — in what experts are calling the biggest leak in history.
The compromised data includes more than just login credentials, according to experts. Much of it is “sensitive,” making it “valuable for malicious actors,” per Cybernews, which first discovered the breach on an unsecured website.
“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts,” explained the researchers, a group made up of cybersecurity expert Bob Dyachenko and the team at Cybernews.
The latest data breach is considered the largest of all time.
Cybernews’ head of security research Mantas Sasnauskas told the Daily Mail that “probably the majority of the population have been affected.”
The one glimmer of hope, though, is that the 12 terabytes of data, which appears to be a meticulous compilation of many breaches (COMB), does not contain anything “newly stolen.”
Cybernews said it “discovered billions upon billions of exposed records on an open instance,” which means it was open for anyone to see.
Experts are urging users to stay vigilant about phishing scams and to change their passwords.
While the owner is likely to never be identified, the team hypothesized that they could be a data broker, malicious cybercriminal or someone with access to large amounts of data.
The largest amount of data exposed is from the Chinese instant messaging platform Tencent, with 1.4 billion records compromised.
Weibo trailed behind with 504 million records leaked, MySpace with 360 million, Twitter with 281 million, music streaming platform Deezer with 258 million and LinkedIn with 251 million.
Other major sites include Adobe, Telegram and Dropbox, as well as lesser-known sites like Doordash, Canva and Snapchat and various government organizations around the world, including those in the US.
Cybernews has compiled a searchable list online where users can look up potentially compromised sites.
Users can also look up email addresses and phone numbers using Cybernews’ personal data leak checker.
The scale of the leak’s impact is likely to be “unprecedented,” according to Cybernews, and the sheer volume of data compromised makes past breaches look minuscule in comparison.
In November, the outlet reported a COMB that revealed 3.2 billion records, which was considered the “largest breach of all time” when discovered.
“If users use the same passwords for their Netflix account as they do for their Gmail account, attackers can use this to pivot towards other, more sensitive accounts,” they explained.
“Apart from that, users whose data has been included in supermassive MOAB may become victims of spear-phishing attacks or receive high levels of spam emails.”
Experts have long advised against re-using the same, easily guessed passwords for multiple accounts, while recommending the use of a password manager to create and store strong logins.
“We should never underestimate what cybercriminals can achieve with such limited information,” Eset’s global cybersecurity adviser Jake Moore told Computer Weekly.
He urged people to change their passwords promptly, stay vigilant against phishing emails and turn on two-factor authentication for all accounts, regardless of whether they were affected by the latest breach.
“Many systems share platforms and are aggressively attempted with the latest attacks,” he continued. “Lots of networks rely heavily on updates, but when a vulnerability is located, it is a race against time to patch the issue before the data is compromised.”