News
Print Article

Your personal information may have been leaked in the 'Mother of all Breaches' (MOAB)

24/01/2024
ISSUE
  • Huge data leak dubbed the 'Mother of all Breaches' sees 26 BILLION records leaked from sites including Twitter, LinkedIn, and Dropbox
  • Experts warn the massive data breach could trigger a wave of cybercrime.
  • The researchers say that this could be the largest data breach to ever occur.
READ MORE
  1. Over 26 billion personal records have been exposed, in what researchers believe to be the biggest-ever data leak.
  2. Sensitive information from several sites including Twitter, Dropbox, and LinkedIn was discovered on an unsecured page.
  3. Worryingly, the researchers who found it claim this breach is extremely dangerous and could prompt a tsunami of cybercrime.
  4. If you use any of these sites, then there is a good chance your details have been leaked. While some records are certainly duplicating these sites have each leaked over 100 million personal records

HOW TO CHECK IF YOUR DATA HAS BEEN LEAKED
  1. To see if your data has been affected by historic data breaches, you can use Cybernews' data leak checker. https://cybernews.com/personal-data-leak-check/
  2. Simply enter your email address or phone number into the search bar and click 'check now' to see whether that account information has been leaked.
  3. Cybernews says that it is currently working on updating the tool to ensure that it will be able to check for data leaked in this latest breach.
  4. Alternatively, Cybernews has also created a searchable list of sites compromised by the breach. https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/
  5. If you are particularly worried about a site, you use being affected you can search the site's name to see if data has been leaked.
KEY FACTS
  1. Bob Dyachenko, owner of SecurityDiscovery.com and researchers from Cybernews discovered the data breach on an unsecured web instance.
  2. Likely, the owner of the massive breach will never be discovered but the researchers suggest it could be a malicious actor, data broker, or service that works with large amounts of data.
  3. Initial studies of the data suggest that it does not come from a new breach but is actually a collection of earlier breaches.
  4. Of the 12 terabytes of records, the researchers also note that some are almost certainly duplicates.
  5. However, the data breach is still extremely worrying due to the sensitive nature of the information that has been released.
  6. The researchers said:
    1. 'The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks.'
    1. These attacks could include identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts.
    1. Data has been leaked from hundreds of different sites - more than 20 of which have released hundreds of millions of records.
  1. The biggest leak comes from Tencent's QQ, a popular Chinese messaging app which had 1.5 billion records in the breach.
  2. For context, in 2019 nearly one billion records were leaked from an unsecured database created by Verifications.io.
  3. At the time this was one of the biggest and most damaging leaks ever, yet it did not contain as much data as QQ alone has now leaked.
  4. Experts warn that the data, which was leaked from sites like LinkedIn, might be extremely dangerous.
    1. Criminals can use this kind of sensitive personal information to create a massive wave of cybercrime including phishing attacks, identity theft, and targeted cyberattacks.
  1. This was followed by Weibo, the Chinese social media platform, which had 504 million records.
  2. Some of the other biggest leaks came from
    1. MySpace (360m),
    2. Twitter (281m),
    3. Linkedin (251m), and
    4. AdultFriendFinder (220m).
  1. A LinkedIn spokesperson told MailOnline:
    1. 'We are working to fully investigate these claims and we have seen no evidence that LinkedIn's systems were breached.'
  1. The leak also included records from various government organisations from the US, Brazil, Germany, Philippines, Turkey, and others.
  2. Jake Moore, global cybersecurity advisor for ESET told MailOnline:
    1. 'This is an absolutely huge breach of data.
    1. 'Cybercriminals cannot ever be underestimated with what they can achieve with even minimal information but if passwords have been taken the victims need to be aware of the consequences and must make the appropriate security updates.'
  1. To see if your data has been affected by historic data breaches, you can use Cybernews' data leak checker.
    1. https://cybernews.com/personal-data-leak-check/
    1. Simply enter your email address or phone number into the search bar and click 'check now' to see whether that account information has been leaked.
  1. Cybernews says that it is currently working on updating the tool to ensure that it will be able to check for data leaked in this latest breach.
  2. Alternatively, Cybernews has also created a searchable list of sites compromised by the breach.
    1. https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/
    1. To see if your data has been affected by historic data breaches, you can use Cybernews' data leak checker.
    1. Simply enter your email address or phone number into the search bar and click 'check now' to see whether that account information has been leaked.
  1. If you are particularly worried about a site you use being affected, you can search the site's name to see if data has been leaked.
  2. According to the researchers,
    1. The biggest concern is that these records could provide the basis for a massive wave of cybercrime.
    1. 'If users use the same passwords for their Netflix account as they do for their Gmail account, attackers can use this to pivot towards other, more sensitive accounts,' they say.
    1. By accessing databases of previous leaks, cybercriminals are able to match email addresses and identifying information across accounts.
  1. For example,
    1. If you use the same mobile number for your bank and for Twitter, hackers might use this breach to find their way to your banking information.
  1. Experts warn.
    1. That if you use the same passwords and identifying information for social media accounts like X, formerly Twitter, as you do for more important services like banking apps, you might be at risk of a serious cyberattack
  1. For this reason, experts warn not to give out any more personal information online than is absolutely necessary.
    1. 'Apart from that, users whose data has been included in supermassive MOAB may become victims of spear-phishing attacks or receive high levels of spam emails.'
    1. If you are worried that your personal data has been leaked in this breach, then the most important thing to do is update your passwords.
    1. Ensuring that you are not using the same passwords for multiple accounts reduces the risk that one account being affected will compromise all your data.
  1. Mr Moore added:
    1. 'Those affected will need to change their passwords and be alert to follow up phishing emails whilst making sure all accounts - whether affected or not - are equipped with two factor authentication.'
SOURCE
UNITED KINGDOM DATA PROTECTION YOUTUBE-IMAGE

The Team

Meet the team of industry experts behind Comsure

Find out more

Latest News

Keep up to date with the very latest news from Comsure

Find out more

Gallery

View our latest imagery from our news and work

Find out more

Contact

Think we can help you and your business? Chat to us today

Get In Touch

News Disclaimer

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[www.gov.UK/government/publications/copyright-acts-and-related-laws]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here www.gov.uk/guidance/exceptions-to-copyright]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email info@comsuregroup.com.