Security researchers claim to have discovered a dataset containing 26 billion leaked records from such prominent brands as Twitter, LinkedIn, Adobe, and Myspace, constituting the biggest known data leak of all time.
The unprecedented discovery is being credited to security researcher Bob Dyachenko alongside cyber security experts at tech analysis and news company Cybernews.
On Monday, Cybernews described the data leak as a “supermassive mother of all breaches”, or MOAB for short, before warning the new-found data set includes records from “thousands of meticulously compiled and reindexed leaks, breaches and privately sold databases”.
The leak – whose owner is “unlikely ever to be identified” – involves data from some of the world’s most recognisable brands, including Twitter, LinkedIn, Adobe, Myspace, Dropbox, Canva and many more.
The Cybernews team said the bulk of information in the leaked dataset can be attributed to past data breaches, but further warned it “almost certainly” holds new data which has not been previously published.
Using their in-house data leak checker tool – which relies on data from “all major data leaks” – the Cybernews team had already identified 15 billion records from over 2,500 existing data breaches.
In the newly discovered MOAB dataset however, the team discovered a considerably larger 26 billion records across 3,800 separate data breaches.
The leaked data reportedly contains “far more information than just credentials”, including records from various international government organisations in the US, Brazil, Germany, Philippines, Türkiye (formerly Turkey), and other countries.
Cybernews said the largest number of records comes from Chinese messaging app Tencent QQ at 1.4 billion, with Chinese microblogging website Weibo coming in second at 504 million records.
Some 360 million records were linked to social media platform Myspace, while Twitter and LinkedIn trailed behind at 281 million records and 251 million records respectively.
A spokesperson for LinkedIn told Information Age it was working to “fully investigate” the claims but has seen “no evidence that LinkedIn's systems were breached”.
Among the Australian organisations appearing in the list are Western Sydney University (WSU) and popular bookseller Dymocks – although Cybernews did not disclose the number of records leaked for either organisation.
Dymocks and WSU have been contacted for comment.
Leak deemed “extremely dangerous”
In the Cybernews release, researchers warned swathes of personal data could be at risk of exposure to threat actors looking to leverage sensitive information in future attacks.
“The dataset is extremely dangerous,” the researchers said.
“Threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyber attacks, and unauthorised access to personal and sensitive accounts.”
While there is a high likelihood of the leak dataset holding duplicate records, the research suggested a “very high probability” it also contains never-before-seen information – leading the Cybernews team to warn of a potentially “unprecedented” impact to consumers.
“Since many people reuse usernames and passwords, malicious actors could embark on a tsunami of credential-stuffing attacks,” wrote Cybernews.
Credential stuffing refers to a common attack method which exploits previously stolen login details to access accounts which use the same credentials across multiple platforms.
In Australia, recent findings from cyber security company Kasada revealed a rampant credential-stuffing scheme had impacted some 15,000 Australian online accounts since last November, with that number continuing to grow.
Despite the scale of the MOAB leak, however, director at Australian tech consultancy Zoak Solutions, Mark Culhane, told Information Age he didn’t expect a major increase in attacks.
“There was not a significant amount of new personally identifiable information in this aggregated release, and most of the cybercrime groups already have this type of aggregation available themselves,” said Culhane.
“I don't really expect there to be a significant increase in attacks.”
Culhane said incidents such as the MOAB leak are simply indicative of the current state of cyber security and internet technology, and encouraged Australians to prepare for a certain amount of risk considering the current threat landscape.
“Compared to other industries, information technology and the internet is in still in its infancy,” said Culhane.
“That, compounding with the rate of growth in users and the now-ubiquitous nature of internet connectivity, does not make it [the MOAB leak] too surprising.
“Whilst businesses are improving over time and there is increased regulation via government, self-regulation, and board direction, there are still going to be bad actors amongst the thousands of organisations that we submit our personal information to.
“I don't think this is an unacceptable risk [for users] – just like driving a car is not – but there are some internet user equivalents of seatbelts, airbags, and ABS brakes which we should all be using.”
In consideration of the MOAB leak, Cybernews urged users to employ strong and unique passwords across their accounts, enable multi-factor authentication, and keep an eye out for phishing and spear phishing attempts.