Your personal information may have been leaked in the ‘Mother of all Breaches’ (MOAB), cybersecurity researchers have warned.
Over 26 billion personal records have been exposed, in what researchers believe to be the biggest-ever data leak.
Sensitive information from several sites including Twitter, Dropbox, and LinkedIn was discovered on an unsecured page.
Worryingly, the researchers who found it claim this breach is extremely dangerous and could prompt a tsunami of cybercrime.
Here’s how to check if you have been affected.
Bob Dyachenko, owner of SecurityDiscovery.com, and researchers from Cybernews discovered the data breach on an unsecured web instance.
The owner of the massive breach will likely never be discovered, but the researchers suggest it could be a malicious actor, data broker, or service that works with large amounts of data.
Initial studies of the data suggest that it does not come from a new breach but is actually a collection of earlier breaches.
Of the 12 terabytes of records, the researchers also note that some are almost certainly duplicates.
However, the data breach is still extremely worrying due to the sensitive nature of the information that has been released.
The researchers said: ‘The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks.’
They say that these attacks could include identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts.
Data has been leaked from hundreds of different sites – more than 20 of which have released hundreds of millions of records.
The biggest leak comes from Tencent’s QQ, a popular Chinese messaging app, which had 1.5 billion records in the breach.
For context, in 2019 nearly one billion records were leaked from an unsecured database created by Verifications.io.
At the time, this was one of the biggest and most damaging leaks ever, yet it did not contain as much data as QQ alone has now leaked.
This was followed by Weibo, the Chinese social media platform, which had 504 million records.
Some of the other biggest leaks came from MySpace (360m), Twitter (281m), LinkedIn (251m), and AdultFriendFinder (220m).
The leak also included records from various government organisations from the US, Brazil, Germany, the Philippines, Turkey, and others.
Jake Moore, global cybersecurity advisor for ESET, told MailOnline: ‘This is an absolutely huge breach of data.
‘Cybercriminals cannot ever be underestimated with what they can achieve with even minimal information but if passwords have been taken the victims need to be aware of the consequences and must make the appropriate security updates.’
To see if your data has been affected by historic data breaches, you can use Cybernews’ data leak checker.
Simply enter your email address or phone number into the search bar and click ‘check now’ to see whether that account information has been leaked.
Cybernews says that it is currently working on updating the tool to ensure that it will be able to check for data leaked in this latest breach.
Alternatively, Cybernews has also created a searchable list of sites compromised by the breach.
If you are particularly worried about a site you use being affected, you can search the site’s name to see if data has been leaked.
According to the researchers, the biggest concern is that these records could provide the basis for a massive wave of cybercrime.
‘If users use the same passwords for their Netflix account as they do for their Gmail account, attackers can use this to pivot towards other, more sensitive accounts,’ they say.
By accessing databases of previous leaks, cybercriminals are able to match email addresses and identifying information across accounts.
For example, if you use the same mobile number for your bank and for Twitter, hackers might use this breach to find their way to your banking information.
For this reason, experts warn not to give out any more personal information online than is absolutely necessary.
‘Apart from that, users whose data has been included in supermassive MOAB may become victims of spear-phishing attacks or receive high levels of spam emails.’
If you are worried that your personal data has been leaked in this breach, then the most important thing to do is update your passwords.
Ensuring that you are not using the same passwords for multiple accounts reduces the risk that one account being affected will compromise all your data.
Mr Moore added: ‘Those affected will need to change their passwords and be alert to follow-up phishing emails whilst making sure all accounts – whether affected or not – are equipped with two-factor authentication.’