A substantial data breach has been unveiled, involving a colossal 26 billion leaked records discovered on an unprotected page, earning it the moniker “Mother of all Breaches.” Forbes reports that this breach is likely the largest ever identified. The extensive database, totaling 12 terabytes in size, encompasses sensitive information gleaned from various sites, including Twitter, Dropbox, and LinkedIn. Security Discovery and Cybernews researchers unearthed this breach.
According to the research team, it is probable that the database was compiled by a malicious actor or data broker. The severity of the situation is underlined by the potential misuse of the aggregated data for a multitude of malicious activities, such as identity theft, advanced phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts.
Notably, the leaked data also contains records from users of Chinese messaging giant Tencent and social media platform Weibo. Additionally, records from Adobe, Canva, and Telegram have been identified. Alarming revelations include records from an array of U.S. and other government organizations being part of the breach.
While there is a silver lining in that only a minor portion of the database is comprised of new information, the presence of numerous username and password combinations is cause for concern. Cybercriminals could exploit this data to perpetrate various attacks, including identity theft, sophisticated phishing, and gaining unauthorized access to sensitive accounts.
Jake Moore, a global cybersecurity advisor at ESET, emphasizes the need for victims to comprehend the potential repercussions of stolen passwords and urges them to implement necessary security updates. The researchers highlight that cybercriminals can achieve significant harm even with limited information.
This massive data breach follows a trend of prominent incidents, such as the 2019 leak of nearly one billion records from Verifications.io, which was considered one of the most substantial and damaging breaches at the time. Other notable breaches include MySpace (360 million), Twitter (281 million), LinkedIn (251 million), and AdultFriendFinder (220 million). As organizations grapple with the fallout, cybersecurity remains a critical concern in the face of evolving threats.