Your personal information may have been leaked in the ‘Mother of all Breaches’ (MOAB), cybersecurity researchers have warned.
Over 26 billion personal records have been exposed, in what researchers believe to be the biggest-ever data leak.
Sensitive information from several sites including Twitter, Dropbox, and Linkedin was discovered on an unsecured page.
Worryingly, the researchers who found it claim this breach is extremely dangerous and could prompt a tsunami of cybercrime.
Here’s how to check if you have been affected.
Your personal information may have been leaked in the ‘Mother of all Breaches’, cybersecurity researchers have warned (stock image)
If you use any of these sites, then there is a good chance your details have been leaked. While some records are certainly duplicates these sites have each leaked over 100 million personal records
Bob Dyachenko, owner of SecurityDiscovery.com and researchers from Cybernews discovered the data breach on an unsecured web instance.
Likely, the owner of the massive breach will never be discovered but the researchers suggest it could be a malicious actor, data broker, or service that works with large amounts of data.
Initial studies of the data suggest that it does not come from a new breach but is actually a collection of earlier breaches.
Of the 12 terabytes of records, the researchers also note that some are almost certainly duplicates.
However, the data breach is still extremely worrying due to the sensitive nature of the information that has been released.
The researchers said: ‘The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks.’
They say that these attacks could include identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts.
Data has been leaked from hundreds of different sites – more than 20 of which have released hundreds of millions of records.
The biggest leak comes from Tencent’s QQ, a popular Chinese messaging app which had 1.5 billion records in the breach.
Experts warn that the data, which was leaked from sites like Linkedin, might be extremely dangerous. Criminals can use this kind of sensitive personal information to create a massive wave of cybercrime including phishing attacks, identity theft, and targeted cyberattacks
This was followed by Weibo, the Chinese social media platform, which had 504 million records.
Some of the other biggest leaks came from MySpace (360m), Twitter (281m), Linkedin (251m), and AdultFriendFinder (220m).
The leak also included records from various government organisations from the US, Brazil, Germany, Philippines, Turkey, and others.
To see if your data has been affected by historic data breaches, you can use Cybernews’ data leak checker.
Simply enter your email address or phone number into the search bar and click ‘check now’ to see whether that account information has been leaked.
Cybernews says that it is currently working on updating the tool to ensure that it will be able to check for data leaked in this latest breach.
Alternatively, Cybernews has also created a searchable list of sites compromised by the breach.
To see if your data has been affected by historic data breaches, you can use Cybernews’ data leak checker. Simply enter your email address or phone number into the search bar and click ‘check now’ to see whether that account information has been leaked
If you are particularly worried about a site you use being affected, you can search the site’s name to see if data has been leaked.
According to the researchers, the biggest concern is that these records could provide the basis for a massive wave of cybercrime.
‘If users use the same passwords for their Netflix account as they do for their Gmail account, attackers can use this to pivot towards other, more sensitive accounts,’ they say.
‘Apart from that, users whose data has been included in supermassive MOAB may become victims of spear-phishing attacks or receive high levels of spam emails.’
If you are worried that your personal data has been leaked in this breach then the most important thing to do is update your passwords.
Ensuring that you are not using the same passwords for multiple accounts reduces the risk that one account being affected will compromise all your data.
