26 billion stolen documents hidden in one virtual location

Largest data breach in web history discovered: 12 terabytes of information from LinkedIn, Twitter, Tencent and other social networks

Stolen documents: a "data leak" containing 26 billion pieces of information and measuring 12 terabytes has been discovered
A supermassive data leak containing data from numerous past breaches, and comprising as many as 12 terabytes of information, was recently discovered by industry experts and reported by the specialized website Cybernews

A super-massive leak containing data from numerous past breaches and comprising as many as 12 terabytes of information, for a total of 26 billion documents, recently emerged thanks to the work of industry experts and reported by the specialized website Cybernews, based in Vilnius, Lithuania.

The flaw, which contains data from users of LinkedIn, Twitter, Weibo, Tencent and other social platforms, is almost certainly the largest ever to come to light.

In the history of the Web there have been data leaks, you might say, and then there was “this.”

Switzerland and the USA aligned on cybersecurity and digital technology
The Cyber-Defense Campus relaunches the "Cyber ​​Startup Challenge"

Stolen documents: a "data leak" containing 26 billion pieces of information and measuring 12 terabytes has been discovered
A supermassive data leak containing data from numerous past breaches, totaling 26 billion documents, was recently discovered by industry experts and reported by the specialized website Cybernews

There is a “data leak checker” available at https://cybernews.com/personal-data-leak-check/

This is the supermassive “Mother of All Breaches”, MOAB, as it is called, which includes data from thousands of thefts, breaches and meticulously compiled and re-indexed private databases.

Volodymyr “Bob” Dyachenko, cybersecurity researcher and owner of SecurityDiscovery.com, together with the Cybernews team, has certified billions and billions of documents exposed on an "open" instance whose owner is unlikely to ever be identified.

According to the team, the leaked dataset mostly contains information from past breaches, but it almost certainly also contains new, previously unpublished data.

For example, Cybernews' "data leak checker", available to everyone at https://cybernews.com/personal-data-leak-check/ and which is based on data from all major leaks, contains information from over 2.500 data breaches with 15 billion documents.

In fact, the MOAB contains 26 billion documents in 3.800 folders, each of which corresponds to a separate data breach.

The privacy protection "bug" is in US legislation
A free webinar to explore cybersecurity in depth

Stolen documents: a "data leak" containing 26 billion pieces of information and measuring 12 terabytes has been discovered
The number of documents and data stolen in the so-called "Mother of all Breaches" in a table created by the specialized website Cybernews, which reports in decreasing order the name of the most affected App, social network or website

It is very likely that the current “Mother of all Breaches” contains information never seen before…

While this does not mean that the difference between the two automatically translates into new data, billions of new documents indicate a very high probability that the “Mother of all Breaches” contains previously unseen information.

The researchers believe that the owner of the MOAB has a personal interest in the abusive storage of large amounts of data and, therefore, could be an attacker, an information broker or a service that works with large amounts of data.

“The dataset is extremely dangerous, as threat actors could exploit the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts ”, the researchers said.

The supermassive MOAB does not appear to be made up only of recently stolen data and is most likely the largest “Multiple Breach Compilation” ever, acronym COMB.

Although the team identified over 26 billion documents, it is highly likely that there are also duplicates.

However, the leaked data contains much more information than just credentials: most of the exposed data is sensitive and, therefore, valuable to malicious actors.

A quick look at the data tree reveals an incredibly large number of documents collected from previous breaches.

The Davos alarm on the resurgence of global cyberattacks
From ated-ICT Ticino the first game about… cyber-security

Stolen documents: a "data leak" containing 26 billion pieces of information and measuring 12 terabytes has been discovered
A super-massive data leak hit the Tencent social networks QQ, Weibo, MySpace, Twitter, Deezer, Linkedin, AdultFriendFinder, Adobe, Canva, VK, Daily Motion, Dropbox and Telegram and was reported by the specialized website Cybernews

1,4 billion data comes from Tencent QQ alone, a Chinese instant messaging app

The largest number of documents, 1,4 billion, comes from Tencent QQ, a Chinese instant messaging app.

However, there are supposedly hundreds of millions of documents from Weibo (504 million), MySpace (360), Twitter (281), Deezer (258), Linkedin (251), AdultFriendFinder (220), Adobe (153), Canva (143), VK (101), Daily Motion (86), Dropbox (69), Telegram (41M) and many other companies and organizations.

The leak also includes data from various government organizations from the United States of America, Brazil, Germany, the Philippines, Turkey and other countries.

According to the team, the impact on consumers of the supermassive “Mother of all Breaches” could be unprecedented.

Since many people reuse usernames and passwords, bad actors could launch a tsunami of credential-stuffing attacks.

“If users use the same passwords for their Netflix account and their Gmail account, attackers can exploit them to move to other, more sensitive accounts. Additionally, users whose data has been included in the supermassive MOAB may become victims of spear-phishing attacks or receive high levels of spam emails.", the researchers said.

The scope of the "data leak" or flaw is of unprecedented proportions.

For example, in 2021, Cybernews reported a COMB that contained 3,2 billion documents, accounting for only 12 percent of 2024's massive “Mother of all Breaches.”

Switzerland excels in an international cyber exercise
The safety of AI? The Bletchley Park statement is crucial

Stolen documents: a "data leak" containing 26 billion pieces of information and measuring 12 terabytes has been discovered
Cybersecurity, viruses, ransomware, phishing, spear phishing and hacker attacks are one of the great contemporary issues, which the discovery of the "Mother of all Breaches" dramatically highlighted in 2024

Cybernews staff: “Everyone is advised to remain vigilant and take care of their cyber hygiene”

“We are updating the data leak checker to include information from the MOAB, which will allow users to check if their data was included in the largest known data leak. In the meantime, they are advised to remain vigilant and maintain their cyber hygiene.", they informed Cybernews.

And yet: “Everyone should use strong, hard-to-guess passwords, enable multi-factor authentication on all important accounts, keep an eye out for phishing and spear phishing attempts, check for duplicate keywords, and immediately set up new protection for accounts that share the same passwords."

Switzerland towards the obligation to notify cyber-attacks
What is spear phishing and why is it so scary?

The importance of cybersecurity in the contemporary world

The "Cyber ​​Security Liechtenstein" campaign is for cyber security

The birth and development of the Internet over about thirty years

The countries with the highest number of Internet users between 1990 and 2021

Stolen documents: a "data leak" containing 26 billion pieces of information and measuring 12 terabytes has been discovered
Useful strong, hard-to-guess keywords, multi-factor authentication, phishing and spear phishing control, key duplicate control, and new protection for accounts sharing the same passwords