The cybersecurity landscape has been rocked by the discovery of a supermassive leak, comprising an astounding 12 terabytes of information and spanning over 26 bn records. The leak, which includes user data from LinkedIn, Twitter, Weibo, Tencent, and other platforms, is almost certainly the largest ever discovered.
Bob Dyachenko, a cybersecurity researcher and owner at SecurityDiscovery.com, together with the Cybernews team, has discovered billions upon billions of exposed records on an open instance. The owner of this instance is unlikely ever to be identified.
Content
While the leaked dataset contains mostly information from past data breaches, it almost certainly holds new data that was not published before. For example, the Cybernews data leak checker, which relies on data from all major data leaks, contains information from over 2,500 data breaches with 15 bn records.
The MOAB (Mother of all Breaches) contains 26 bn records over 3,800 folders, with each folder corresponding to a separate data breach. While this doesn’t mean that the difference between the two automatically translates to previously unpublished data, billions of new records point to a very high probability that the MOAB contains never-before-seen information.
Owner
Researchers believe that the owner of the MOAB has a vested interest in storing large amounts of data and, therefore, could be a malicious actor, data broker, or some service that works with large amounts of data.
“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts,” the researchers said.
Impact
The supermassive MOAB does not appear to be made up of newly stolen data only and is most likely the largest compilation of multiple breaches (COMB). While the team identified over 26 bn records, duplicates are also highly likely. However, the leaked data contains far more information than just credentials – most of the exposed data is sensitive and, therefore, valuable for malicious actors.
The dataset supposedly holds hundreds of millions of records from Weibo (504 mn), MySpace (360 mn), Twitter (281 mn), Deezer (258 mn), LinkedIn (251 mn), AdultFriendFinder (220 mn), Adobe (153 mn), Canva (143 mn), VK (101 mn), Dailymotion (86 mn), Dropbox (69 mn), Telegram (41 mn), and many other companies and organizations.
The leak also includes records of various government organizations in the US, Brazil, Germany, the Philippines, Turkey, and other countries. According to the team, the consumer impact of the supermassive MOAB could be unprecedented. Since many people reuse usernames and passwords, malicious actors could embark on a tsunami of credential-stuffing attacks.
The leak’s scale is of as yet unseen proportions. For example, in 2021, Cybernews reported a COMB that contained 3.2 bn records – only 12% of the supermassive MOAB of 2024.