This became the largest Internet leak in history. How did they do it?
What is the "Mother of All Breaches" (MOAB) and how is it a threat? Here are the details about the biggest confidential data breach ever.
Do you remember the scandal that erupted several years ago around the leak of Facebook account data? Since then, user data leaks that occur as a result of technical failures, deliberate distribution or hacker attacks have become commonplace on the Internet, and yet they pose a great danger not only for individual users, but also for large corporations and even states, such as Pentagon data leak on Discord or a massive leak of Toyota customers data that occurred over several years. A new cybercrime record was recently set when the largest data breach in history was discovered.
Researcher Bob Dyachenko and the Cybernews, a publication that investigates and studies cybersecurity threats and vulnerabilities, have discovered a publicly accessible database of sensitive nature on the Internet that combines 12 terabytes of information or more than 26 billion individual records. Among the largest sources of this data are 1.4 billion records from the Chinese messaging app Tencent QQ, as well as supposedly hundreds of millions of records from Weibo (504M), MySpace (360M), Twitter (281M), Deezer (258M), Linkedin (251M), AdultFriendFinder (220M), Adobe (153M), Canva (143M), VK (101M), Daily Motion (86M), Dropbox (69M), Telegram (41M), and other companies and organizations. The leak also includes data from government organizations in the US, Brazil, Germany, Philippines, Turkey, and other countries.
Cybernews team members recommend that all users check whether their data was included in this leak. You can do this using an online tool that Cybernews has developed.
It is not entirely clear who is responsible for posting it, although according to the agency, the search engine Leak-Lookup stated that it was the owner of the leaked dataset and that the leak was caused by a "misconfiguration of the firewall", which was subsequently corrected. According to the researchers, this data is of great interest to attackers and can have an unprecedented impact on the affected parties, and on Internet security in general. The main danger is that using this data, any attacker can obtain keys for further targeted phishing and access to other personal and confidential accounts, especially knowing that many users use the same passwords for different accounts. "If users use the same passwords for their Netflix account as they do for their Gmail account, attackers can use this to move into other, more sensitive accounts. In addition, users whose data was included in the super-massive MOAB may become victims of spear-phishing attacks or receive large amounts of spam messages," the researchers said.