publish time

23/01/2024

author name Arab Times

publish time

23/01/2024

Largest-ever data breach exposes 12 terabytes of sensitive information.

NEW YORK, Jan 23: In a staggering revelation, cybersecurity researchers, led by Bob Dyachenko from SecurityDiscovery.com, have unearthed a colossal data breach, coined the Mother of all Breaches (MOAB). Comprising a mind-boggling 12 terabytes of information, the leak amalgamates records from thousands of meticulously compiled and reindexed breaches, totaling over 26 billion records.

This supermassive MOAB, believed to be the largest ever discovered, raises concerns about the potential misuse of the aggregated data. Dyachenko, along with the Cybernews team, stumbled upon an open instance hosting billions of exposed records. Despite the difficulty in identifying the owner, researchers suspect a malicious actor, data broker, or service dealing with substantial data is involved.

The dataset's vastness poses severe threats, as threat actors could exploit the information for identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts, caution the researchers.

Contrary to containing only newly stolen data, the supermassive MOAB is likely the largest compilation of multiple breaches (COMB). While identifying over 26 billion records, duplicates are anticipated. However, the leaked data goes beyond credentials, including sensitive information valuable to malicious actors.

A closer inspection reveals records from major platforms, with Tencent QQ, a Chinese instant messaging app, leading with 1.4 billion records. Other platforms affected include Weibo (504M), MySpace (360M), Twitter (281M), Deezer (258M), Linkedin (251M), AdultFriendFinder (220M), Adobe (153M), Canva (143M), VK (101M), Daily Motion (86M), Dropbox (69M), Telegram (41M), among others.

Government organizations in the US, Brazil, Germany, the Philippines, Turkey, and other countries also find their records within this vast data repository.

The potential consumer impact of the supermassive MOAB is unprecedented. Given the common practice of reusing usernames and passwords, there is a looming threat of credential-stuffing attacks, where malicious actors could exploit shared login credentials across various platforms.

Users included in the supermassive MOAB may become vulnerable to spear-phishing attacks or high levels of spam emails, warn the researchers. The scale of this leak dwarfs previous breaches, such as the 2021 COMB containing 3.2 billion records, representing only 12% of the supermassive MOAB discovered in 2024. The sheer magnitude of this breach raises concerns about the potential wide-ranging consequences for individuals and organizations alike.