Business, Security

Mother of All Breaches: what’s going on?

Luis Monzon

24th January 2024

A massive database of stolen information has been found online, containing 12TB of private user data. It is believed to be the largest such database ever.
The database has been put together by threat actors over several years, sourcing information from different breaches and hacks that have taken place.
Records from governments and companies like Tencent, LinkedIn, Dropbox and Adobe are present, among many others.

An enormous database of stolen user information and private data has been uncovered by a team of researchers. This database comprises around 26 billion records – 12TB of data – and is so large that it is being dubbed “the mother of all breaches.”

Cybersecurity researcher Bob Diachenko and the team at CyberNews found the exposed information, which has been partitioned across 3 800 folders and contains information of users stolen from companies including Tencent, Weibo, MySpace, Twitter/X, LinkedIn, Adobe, MyFitnessPal, AdultFriendFinder, Canva, Badoo, Wattpad and more.

The biggest companies implicated in the massive data leak. Image sourced from CyberNews.

The database has been put together by threat actors gathering leaked and stolen data over several years sourced from multiple breaches and is possibly the largest such compilation of private user information ever.

Some of the information in the folders is likely quite old, noted by the presence of files from MySpace, which launched in 2003. It is also important to note that duplicate files are possible with a repository this vast.

But the sheer number of data present in the “Mother of All Breaches” means that it is also likely that some of the information is new and could be from recent hacks or leaks. The largest single supplier of private data comes from Tencent – one of the world’s largest corporations and videogame vendors – which has 1.5 billion records present.

Tencent is a part owner of companies like WeChat, part owner of game developers Riot Games (League of Legends), Epic (Fortnite), Funcom and others. It is possible that users who have given private information to any of the companies under Tencent could have some of their data present in the database.

Weibo follows with 504 million records, then MySpace with 360 million, and then X/Twitter with 281 million records.

If you are an X user, or user of any of these firms, now would be a good time to check if your email account has been compromised via the CyberNews Data Leak Checker, which has been updated to include records from the database. The checker will also tell you where your information was taken from.

Other less affected companies include the likes of Dailymotion with 86 million records, and Dropbox with 69 million. There are also 41 million records present from Telegram. Records from government organisations in the US, Brazil, Germany, the Phillipines, Turkey and other countries are also present

Threat actors can use the Mother of All Breaches and the data therein to support several different types of attack vectors.

“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts,” the researchers explain.

There are ways to protect yourself if your information has been leaked, including setting up two-factor authentication on as many devices as you can. Also, use stronger passwords with multiple cases that are harder to guess. Keep on eye out for phishing attempts via email, and try to use different passwords for different accounts.

[Image – Photo by Towfiqu Barbhuiya on Unsplash]