View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 23, 2024

‘Mother of all breaches’ discovered as 26 billion records leaked

The so-called 'Mother of all breaches' or 'MOAB' amounts to 12 terabytes of information and constitutes one of the largest data breaches in history.

By Greg Noone

A gigantic trove of 26 billion stolen records containing user data from LinkedIn, X (formerly Twitter), Adobe and other platforms has been discovered. Informally dubbed the “Mother of all breaches” (MOAB), the trove – discovered by cybersecurity researcher Bob Dyachenko in collaboration with Cybernews – is equivalent to 12 terabytes of information and is thought to have been compiled by either a cybercriminal gang or an underworld data broker.

An abstract red and black background, used to illustrate a story about the so-called 'Mother of all breaches' or MOAB.
(Photo by KateStudio / Shutterstock)

‘Mother of all breaches’ contains old data, but still dangerous

The dataset, said researchers from Cybernews, “is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks and unauthorised access to personal and sensitive accounts.” It also dwarfs the next-largest data leak, known as the ‘Compilation of Many Breaches’ (COMB), which only amounted to a relatively paltry 3.2bn records.

So far, the MOAB appears to be comprised of mostly old data scraped together from previously reported breaches. These include approximately 1.4 bn and 504m records respectively from the Chinese messaging apps Tencent and Weibo, 360m from MySpace, 281m from X (formerly Twitter) and 41m from Telegram, among many others. Given the sheer size of the dataset, however, it is also likely to contain new data from more recent breaches. 

Even access to the old data included in the MOAB is likely to benefit cybercriminals, Cybernews warned, with hackers still able to use it to mount credential-stuffing attacks to target businesses and individuals with poor password security. Additionally, it said, “Users whose data has been included in [the] supermassive MOAB may become victims of spear-phishing attacks or receive high levels of spam emails.”

Identity of who might be responsible for MOAB list unclear

As part of their reporting, Cybernews have built two interactive databases containing information on which companies and email addresses have been found so far inside the MOAB (the latter can be found here.) Any businesses or individuals caught up in the leak would be wise to change their passwords, be alert to phishing emails and ensure that all of their accounts are equipped with multi-factor authentication, ESET’s global cybersecurity advisor Jake Moore told Tech Monitor.

Identifying who was responsible for compiling such a large repository of stolen data will be harder to much harder to achieve for cybersecurity researchers and law enforcement agencies, he added. “It is…very difficult to say who could be behind this attack,” said Moore. “So many criminal groups and independent cyberattackers are always on the hunt for vulnerabilities to exploit.”

In the view of Darktrace’s Hanah Darley, however, the size and composition of the MOAB indicate that it was constructed by an initial access broker, a figure who procures and resells access to corporate systems. “Given these credentials are all from a variety of data breaches,” says the cybersecurity firm’s head of threat research, “it is possible many of these credentials have already been targeted or exploited, so may or may not prove vulnerable and therefore, valuable.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Tech Monitor reached out to LinkedIn, X and Telegram for their responses to claims that user data from their platforms had been found inside the MOAB. X and Telegram have yet to respond, but a spokesperson from LinkedIn said that the platform is working to fully investigate claims that data from its users was included in the MOAB. “We have seen no evidence that LinkedIn’s systems were breached,” they added.

Read more: New cybersecurity guidelines for businesses in UK published

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.