A gigantic trove of 26 billion stolen records containing user data from LinkedIn, X (formerly Twitter), Adobe and other platforms has been discovered. Informally dubbed the “Mother of all breaches” (MOAB), the trove – discovered by cybersecurity researcher Bob Dyachenko in collaboration with Cybernews – is equivalent to 12 terabytes of information and is thought to have been compiled by either a cybercriminal gang or an underworld data broker.
‘Mother of all breaches’ contains old data, but still dangerous
The dataset, said researchers from Cybernews, “is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks and unauthorised access to personal and sensitive accounts.” It also dwarfs the next-largest data leak, known as the ‘Compilation of Many Breaches’ (COMB), which only amounted to a relatively paltry 3.2bn records.
So far, the MOAB appears to consist mostly of old data scraped together from previously reported breaches. These include approximately 1.4bn and 504m records respectively from the Chinese messaging apps Tencent and Weibo, 360m from MySpace, 281m from X (formerly Twitter) and 41m from Telegram, among many others. Given the sheer size of the dataset, however, it is also likely to contain new data from more recent breaches.
Even access to the old data included in the MOAB is likely to benefit cybercriminals, Cybernews warned, with hackers still able to use it to mount credential-stuffing attacks to target businesses and individuals with poor password security. Additionally, it said, “Users whose data has been included in [the] supermassive MOAB may become victims of spear-phishing attacks or receive high levels of spam emails.”
Identity of who might be responsible for MOAB list unclear
As part of their reporting, Cybernews have built two interactive databases containing information on which companies and email addresses have been found so far inside the MOAB (the latter can be found here). Any businesses or individuals caught up in the leak would be wise to change their passwords, be alert to phishing emails and ensure that all of their accounts are equipped with multi-factor authentication, ESET’s global cybersecurity advisor Jake Moore told Tech Monitor.
Identifying who was responsible for compiling such a large repository of stolen data will be much harder to achieve for cybersecurity researchers and law enforcement agencies, he added. “It is…very difficult to say who could be behind this attack,” said Moore. “So many criminal groups and independent cyberattackers are always on the hunt for vulnerabilities to exploit.”
In the view of Darktrace’s Hanah Darley, however, the size and composition of the MOAB indicate that it was constructed by an initial access broker, a figure who procures and resells access to corporate systems. “Given these credentials are all from a variety of data breaches,” says the cybersecurity firm’s head of threat research, “it is possible many of these credentials have already been targeted or exploited, so may or may not prove vulnerable and therefore, valuable.”
Tech Monitor reached out to LinkedIn, X and Telegram for their responses to claims that user data from their platforms had been found inside the MOAB. X and Telegram have yet to respond, but a spokesperson from LinkedIn said that the platform is working to fully investigate claims that data from its users was included in the MOAB. “We have seen no evidence that LinkedIn’s systems were breached,” they added.