A researcher at Security Discovery found the largest data leak ever, which exposed an estimated 26 billion records containing user’s personal information from dozens of sites, from Snapchat to MySpace.
Bob Dyachenko, a cybersecurity researcher and owner of Security Discovery, discovered the breach along with Cybernews. This is the largest data leak ever found, comprised of “billions upon billions” of user records “meticulously compiled” and reindexed leaks, breaches, and privately sold databases. The information contains mainly information from past data breaches. However, experts say there is “certainly” new information gathered as well.
Security Discovery says it’s probable that most people have been affected by the leak. The breach revealed records from LinkedIn, Snapchat, Venmo, Adobe, X, and dozens of other sites. Tencent was the most impacted, with 1.5 billion records, followed by Weibo with 504 million, MySpace with 260 million, X with 281 million, and WattPad with 271 million.
The cache hosts 26 billion records in more than 3,800 folders – each folder corresponds to a separate data breach. However, Security Discovery points out there is a high probability of new information being exposed in what it’s calling “the mother of all data breaches (MOAB).”
To put the extent of this breach into perspective, in 2021, Cybernews reported a compilation of multiple breaches with 3.2 billion records, only 12% of this new supermassive leak.
There are no leads on who compiled the list, and Security Discovery says the malicious actor may never be identified. Researchers believe the owner of the MOAB “has a vested interest in storing large amounts of data” and could work for a service that hosts such massive quantities of information.
“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts,” said researchers, according to Cybernews.
Security Discovery said the 26 billion records total 12 terabytes of information. While duplicate records are likely, this database is the culmination of dozens of breaches, the largest compilation ever found.
The leak spans dozens of companies in multiple countries, including the U.S., Brazil, Germany, Philippines, and Turkey. Security Discovery says the impact of the “supermassive MOAB” could be “unprecedented” since people tend to recycle usernames and passwords across accounts.
This could result in what the researchers called a “tsunami of credential-stuffing attacks.”
“If users use the same passwords for their Netflix account as they do for their Gmail account, attackers can use this to pivot towards other, more sensitive accounts,” said Security Discovery. “Apart from that, users whose data has been included in supermassive MOAB may become victims of spear-phishing attacks or receive high levels of spam emails.”
Visit the Cybernews data leak checker to see if your information was compromised. Change your passwords and make sure you select strong ones. Also, enable multi-factor authentication, eliminate password duplicates, and be wary of phishing or spear-phishing attempts.