Security researchers have revealed that a massive database containing no less than 26 billion leaked records has been discovered on an unsecured page. Dubbed “Mother of all Breaches”, it is likely the biggest found till date, as per Forbes. The database contains sensitive information from several sites including Twitter, Dropbox and LinkedIn. The breach was discovered by researchers from Security Discovery and Cybernews and runs to 12 terabytes in size, Forbes further said in its report.
The research team believes the database was compiled by a malicious actor or data broker.
“Threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts,” the researchers said.
The leaked data also has records of users from Chinese messaging giant Tencent and social media platform Weibo. Records from Adobe, Canva and Telegram have also been found.
Worryingly, the researchers said that records from an assortment of US and other government organizations can be found.
The only good news is that only a minor part of the database is new. The researchers said that it’s more a case of compiled records from thousands of previous breaches and data leaks, Forbes said.
However, the concerning part is that it includes several username and password combinations. Cyber criminals can make use of this data to carry out attacks such as identity theft, sophisticated phishing schemes, targeted cyberattacks, and gain unauthorised access to personal and sensitive accounts.
“We should never underestimate what cybercriminals can achieve with such limited information. Victims need to be aware of the consequences of stolen passwords and make the necessary security updates in response,” Jake Moore, global cybersecurity advisor at ESET, told the outlet.
In 2019, nearly one billion records were leaked from an unsecured database created by Verifications.io. At the time, it was one of the biggest and most damaging leaks ever.
Some of the other biggest leaks came from MySpace (360 million), Twitter (281 million), LinkedIn (251 million) and AdultFriendFinder (220 million).