A massive 26 billion record data leak known as the ‘mother of all breaches’ has been released en-masse by an unknown source, prompting advice for users globally to change login credentials for several services.
The leak, discovered by cybersecurity researcher Bob Dyachenko and released through Cybernews, casts its net far and wide, revealing data from Tencent, Twitter, Deezer, Dropbox, and LinkedIn, to name a few.
Tencent tops the chart, with 1.5 billion records leaked, followed by Weibo at 504 million and MySpace at 360 million.
According to researchers, the huge database is comprised of reindexed leaks, breaches, and privately sold databases, drawing stark attention to the wealth of data available to threat actors.
Erfan Shadabi, cyber security expert at comforte AG said the potential impact of the data leak could be “unprecedented”, and warned that the incident could prompt a wave of credential-stuffing attacks.
“This threat is particularly potent due to the widespread practice of username and password reuse,” Shadabi said.
“In light of this, organizations must recognize the urgency of implementing comprehensive data protection strategies to mitigate the fallout from such breaches.”
The ‘mother of all breaches’ shines a light on our digital footprints
Arctic Wolf CISO Adam Marrè said the sheer scale of the data leak should act as a wake up call for both individuals and businesses alike worldwide.
“This is a good time to remember that many of the online tools and platforms we use get breached and either leak or lose our information,” he said.
“Threat actors hold onto this data forever, and even add to it, as evidenced by this trove of information,” Marrè added. “Now, more than ever, we need to have good security practices in the face of this reality.”
The digital age has created, among other things, a world in which the average person will leave a digital footprint, likely a large one, in the form of reams of personal data and account details.
With cyber attacks and data breaches having increased rapidly in recent months, one security expert said it’s easy to forget where this data often end up in the wake of an incident.
“The predominant focus tends to be on the technical aspects of an attack – how it infiltrated, its path, and the removal of the attack code,” Greg Day, SVP and global field CISO at Cybereason, told ITPro.
“Unfortunately, the crucial human element is frequently overlooked,” he added.
“Questions surrounding the actions of the adversary, such as the creation of new accounts, theft of user accounts, or the manipulation of data from the compromised business, often go unexplored.”
This recent leak reminds users that data never disappears, and leaked data is no exception.
How victims can protect themselves after the ‘mother of all breaches’
Key steps to mitigate the potential risks associated with the breach include making immediate changes to account security and changing login credentials, researchers said.
Discover how generative AI offers the technical support to operate successfully
DOWNLOAD NOW
“Victims need to be aware of the consequences of stolen passwords and make the necessary security updates in response,” said Jake Moore, global cybersecurity advisor at ESET.
“This includes changing their passwords, being alert to phishing emails following the breach, and ensuring all accounts, whether affected or not, are equipped with two-factor authentication,” he added.
Marrè echoed this sentiment on two-factor authentication, adding that regularly checking whether your email has been affected by a data breach is also important, as well using a password manager for complex and non-reused passwords.
