26 Billion Records Exposed From Sites Like Twitter And Discord In Mother Of All Breaches
Deemed the "Mother of all Breaches" by the reporting Cybernews team, a database of 26 billion online records (about 12 terabytes' worth) has been uncovered by cybersecurity researcher Bob Dyachenko. The top 20 sites with the most hits are as follows:
- Tencent - 1.5 billion
- Weibo - 504 million
- MySpace - 360 million
- Twitter - 281 million
- Wattpad - 271 million
- NetEase - 261 million
- Deezer - 258 million
- LinkedIn - 251 million
- AdultFriendFinder - 220 million
- Zynga - 217 million
- Luxottica - 206 million
- Evite - 179 million
- Zing - 164 million
- Adobe - 153 million
- MyFitnessPal - 151 million
- Canva - 143 million
- JD.com - 142 million
- Badoo - 127 million
- VK - 101 million
- Youku - 100 million
While these numbers are no doubt astounding and frightening, there is a ray of good news. Apparently the leaked database is a compilation of data collected from previous breaches, which means the content doesn't contain any new information. Folks who have fixed and kept up to date on their account security for these sites have nothing to fear. Just to be sure, you can use online tools like haveibeenpwned.com or built-in alerts or checkers within Android and Apple OSes, to see if your passwords have been compromised.
It's not all good news, though. Researchers are of the belief that the owner of the massive database could potentially be a bad actor. They're also concerned that the leaked data contains more than just credentials, it also consists of sensitive info that could be valuable to people with nefarious intent.
"The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts," the researchers said.
Now, data breaches are nonetheless no laughing matter. Most breaches still stem from weak password use and management, where users use the same password across different accounts and sites. Even if most of the data found in the leak is from older hacks, there's still the possibility of account holders finding themselves targets of nefarious identity theft and fraud. It cannot be stressed enough how important it is to set up unique passwords and 2-factor authentication for each service or site you have an account on.
