Massive internet data breach dubbed the 'Mother of all breaches' sees 26 billion files leaked from sites including Twitter, Linkedin and Dropbox.
Personal data may have been leaked to “mother of all breaches,” cyber security researchers warn, according to the Daily Mail.
Over 26 billion pieces of personal information exposed, in what researchers believe is the biggest data leak of all time. Sensitive information from various sites includingTwitter, Dropbox and Linkedin was discovered on an unsecured page.
The researchers who discovered it claim that thebreach is extremely dangerous and could cause a tsunami of cybercrimes.
Bob Dyachenko, owner of SecurityDiscovery.com, and researchers from Cybernews discovered the data breach. In all likelihood, o“mastermind” of the massive breach will never be discovered, but researchers suggest it could be a malicious actor, a data broker or a service working with a large database.
The initial studies of the data suggest that it does not come from a new breach, but is actually a collection of previous breaches. Of the 12 terabytes of files, the researchers also note that some are almost certainly duplicates. However, the data breach remains extremely concerning due to the sensitive nature of the informationthat has been made public. The researchers said: “The data set is extremely dangerous, as threat actors could leverage the aggregated data for a wide range of attacks.”
They say these attacks could include identity theft, sophisticated phishing schemes, targeted cyber attacks and unauthorized access to personal and sensitive accounts. Data has been leaked from hundreds of different websites – more than 20 of which have gone public hundreds of millions of files.
'This is a massive data breach'
The biggest leak comes from Tencent's QQ, a popular Chinese messaging app, which had 1.5 billion files in the breach.
For comparison, in 2019 nearly a billion files were leaked from an insecure database created by Verifications.io. At the time this was one of the biggest and most damaging leaks ever, but it did not contain as much data as QQ alone has leaked now.
Followed by Weibo, the Chinese platform social network, which had 504 million leaked files. Some of the other biggest leaks came fromMySpace (360 million), Twitter (281 million), Linkedin (251 million) and AdultFriendFinder (220 million).
The leak also included files from various government organizations from the US, Brazil, Germany, the Philippines, Turkey and other countries.
Jake Moore, cybersecurity consultant at ESET, told the Daily Mail that “this is a massive data breach”.
«Cybercriminals can never be underestimatedwith what they can accomplish with even minimal information, but if passwords have been obtained, victims should be aware of the consequences and should make the appropriate security updates.”< /p>
“To see if your data has been affected by historical data breaches, you can use the Cybernews data breach checker.”
“Just type your email address or phone number into the search bar and click 'check now'to see if that account's information has been leaked.”
Cybernews reports that it is currently working to update the tool to ensure it will be able to check for data leaked in this latest breach.
Alternatively, Cybernews also created a searchable directory of the websites that were compromised by the breach.
A basis for a massive online crime wave
According to the researchers, the biggest concern is that these files could be the basis for a massive crime wave in cyber space.
“If people use the same passwords for their Netflix account as they use for their Gmail account, attackers can use this to switch to other, more sensitive accounts,” they say.
By accessing databases of past leaks, cybercriminals are able to match email addresses and identifying information across all accounts.
For example, if someone uses the same mobile number for your bank and Twitter, hackers could use this breach to find their way to his banking information.
For this reason, experts warn against giving out more personal information online than is absolutely necessary.
Moore added: “ Those affected should change their passwords and be vigilant about monitoring phishing emails, while ensuring that all accounts – whether affected or not – are equipped with two-factor authentication.”
source: iefimerida.gr