Massive data leak leaves 26 billion records exposed

When it comes to data leaks, this one takes the cake. The Mother of all Breaches (MOAB for short) is a colossal compilation, incorporating records from thousands of meticulously gathered and reindexed leaks, breaches, and privately sold databases. You can find the complete and searchable list at the end of this article.

Bob Dyachenko, a cybersecurity researcher and owner of SecurityDiscovery.com, along with the Cybernews team, stumbled upon an astronomical number of exposed records on an open instance, and it’s highly unlikely that we’ll ever figure out who owns it.

Yet, the researchers suspect that the owner has a significant stake in hoarding vast amounts of data, suggesting they might be a malicious actor, data broker, or some service dealing with extensive data quantities.

“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts,” the researchers said.

The supermassive MOAB doesn’t seem to consist solely of recently stolen data and is probably the largest compilation of multiple breaches, known as COMB. Although the team pinpointed over 26 billion records, duplicates are quite probable. Nevertheless, the leaked data goes beyond just credentials; a substantial portion contains sensitive information, making it highly valuable for malicious actors.

A swift check through the data tree unveils an astonishingly vast collection of records gathered from past breaches. The top contributor is Tencent QQ, a Chinese instant messaging app, with a whopping 1.4 billion records.

But that’s not all – there are reportedly hundreds of millions of records from platforms like Weibo (504M), MySpace (360M), Twitter (281M), Deezer (258M), Linkedin (251M), AdultFriendFinder (220M), Adobe (153M), Canva (143M), VK (101M), Daily Motion (86M), Dropbox (69M), Telegram (41M), and various other companies and organizations.

The leak also has records from different government organizations in the US, Brazil, Germany, Philippines, Turkey, and more. The team suggests that the consumer fallout from the supermassive MOAB might be unlike anything we’ve seen before. Given that many people reuse usernames and passwords, there’s a risk of malicious actors launching a massive wave of credential-stuffing attacks.

The sheer magnitude of the leak is unlike anything we’ve seen before. To put it in perspective, in 2021, Cybernews covered a COMB with 3.2 billion records, which is just 12.