The world of cybersecurity is reeling from what’s being called the ‘Mother of all Breaches’ (MOAB). This massive data leak has exposed over 26 billion personal records, potentially the largest data breach ever.
Details Of The Leak
Bob Dyachenko from SecurityDiscovery.com, along with Cybernews researchers, discovered this breach on an unsecured website.
The breached data, totalling a massive 12 terabytes, is likely a combination of multiple earlier breaches. Interestingly, the leak involves data from a wide range of sites, with some like Tencent’s QQ messaging app leaking up to 1.5 billion records.
Companies like LinkedIn, whose data was part of the breach, are investigating the claims. A LinkedIn spokesperson reported no evidence of their systems being compromised.
Implications Of The Breach
A data breach is never a good thing, but given the personal identity element involved, alarms are being raised. The breach poses threats including identity theft, phishing schemes, cyberattacks, and unauthorised access to personal and sensitive accounts.
A significant concern raised by professionals is the potential for cybercriminals to use this data in coordinated attacks, exploiting the aggregated information for harmful purposes.
Protecting Your Data
To check if your data is compromised, Cybernews offers a data leak checker. Simply entering your email address or phone number can reveal if your account information has been leaked.
Additionally, a list of affected sites is available for users to verify if any sites they use have been affected. If you haven’t changed your password recently, cybersecurity experts advise updating passwords and using unique passwords for different accounts to lower risks.
Two-factor authentication is another great way to enhance security.
Commenting on this, Adam Pilton, Cyber Security Consultant at CyberSmart said: “This is a huge amount of data. In the physical world, 12 terabytes are equivalent to 15,600 filing cabinets. With the data sets coming from Twitter, Deezer, LinkedIn, Adobe and more, our home and work lives could be affected.
“Although this is an exceptionally large amount of data we must take a step back from that and look at what the potential impact could truly be. Many individuals reuse usernames and passwords across multiple accounts, making them vulnerable to exploitation. Additionally, spear-phishing attacks and a surge in spam emails targeting individuals whose data is exposed are highly likely, posing a substantial risk to our security.
“Individuals who believe they are affected should change their passwords. We must all assume though that some of our data is held in this data set, as such we must take action to protect ourselves too. Enabling two-factor authentication is a significant step in protecting ourselves against attacks that involve breached credentials.
“As always, people play a significant role in security. Ensuring that we are trained and aware of the threats faced, as well as how to respond will make a difference in preventing attacks and quickly identifying them.”
Preventive Measures and Best Practices
Experts suggest the best way to protect yourself is to minimise the personal information you share online. In light of this breach, they particularly caution against using the same passwords for important sites and recommend using password managers to keep the information safe and secure.
Josh Hickling, Principal Consultant at Pentest People commented: “This once again highlights the possibility for members of the public and businesses to suffer from opportunistic compromise, exploiting credential stuffing/credential reuse. It demonstrates the importance of utilising a password manager not only in a business setting but in a personal capacity also. If a set of credentials is breached, it would be localised to the affected website rather than extended to other systems. This breach also provides a nice pretext for threat actors to target less tech-savvy users with Phishing.
“I would expect over the coming days that people will be targeted with Phishing mail utilising this breach to masquerade their agenda somewhat. This will likely come in the form of coercing users into divulging credentials for other applications/sites by instilling fear that their credentials have been discovered in this breach when they most likely haven’t. It is certainly a time to stay vigilant for signs of compromise and opportunistic email threats.”
This data breach serves as a reminder of the vulnerability of digital data. Individuals must work hard to safeguard themselves and protect their personal information in a digital world.