A package with 26 billion data records containing access data appeared online. It is intended to contain user access data from many companies such as LinkedIn, Adobe or Dropbox, as well as from other companies and organizations. It remains to be seen whether the data is dangerous or current.
The numbers sound gigantic: 12 terabytes of information contain 26 billion data sets with access data and 3.800 folders with sorted information. Bob Dyachenko, cybersecurity researcher and owner of SecurityDiscovery.com, along with the Cybernews team, discovered the billions of exposed records on an open instance whose owner will likely never be identified.
Many new data sets with access data
The experts call the data package MOAB for short – Mother of all Breaches. In their list they include many names of companies from which the data is supposed to come. After initial research and comparisons with their own breach database and the existing 13 billion entries, there is said to be a lot of new information in the data sets. You want to evaluate these and then expand the database. Each user can then enter their email address or telephone number and query whether they can be found in a data record relating to a specific data breach. For example, in Cognite's published collection with billions of data records or the breach at Mastercard.
According to the website Cybernews, the largest number of records at 1,4 billion comes from Tencent QQ, a Chinese instant messaging app. The other data sets are said to come from these companies: Weibo (504 million), MySpace (360 million), Twitter (281 million), Deezer (258 million), Linkedin (251 million), AdultFriendFinder (220 million), Adobe (153 million) , Canva (143 million). , VK (101 million), Daily Motion (86 million), Dropbox (69 million), Telegram (41 million) and many other companies and organizations.
Cybernews' data leak checker allows users to check whether their data was exposed in these data breaches. According to the research team, the impact of the supermassive MOAB on consumers could be unprecedented. Since many people reuse usernames and passwords, malicious actors could launch a tsunami of credential stuffing attacks.
Directly to the data leak checker