In January 2024, a security researcher uncovered a colossal database comprising 26 billion leaked records pertaining to millions, possibly billions, of individuals. The breach is thought to be the largest in history and is being called the “mother of all breaches.”
What happened & who is impacted in the massive leak?
Security researcher Bob Diachenko of SecurityDiscovery.com discovered the dataset, which contains information from global social media platforms and online services.
According to his findings, the database includes reindexed leaks, breaches, and privately sold databases. The largest chunk of records, totaling 1.5 billion, comes from the Chinese social media giant Tencent, alongside 504 million from Tencent’s Weibo, 360 million from MySpace, and 281 million from X.
Other notable organizations embroiled in the leak include Adobe, Dropbox, LinkedIn, MyFitnessPal, Telegram, and several government bodies. A significant number of smaller, less-known organizations are also impacted.
The researchers suspect that an initial access broker (IAB) compiled the data from various sources with the aim of making a profit on the dark web, where hackers could purchase it to launch several forms of attack, including identity theft, phishing, credentials compromise, and business email compromise.
What can you do to protect your personal data?
This breach serves as a stark reminder of the critical importance of cyber hygiene. While the public often envisions cybercriminals employing intricate methods and malicious code to commit cybercrime, the reality is that a stolen password can be all it takes.
To mitigate the risks of identity theft, take immediate action by changing your passwords and signing up for a password manager. Also, stay vigilant about phishing emails, and implement two-factor authentication on all your accounts.
For organizations concerned about account hijacking, start investing in a zero-trust architecture if you haven’t already. Zero trust mandates authentication, authorization, and continuous validation of all users before granting them access to sensitive information, providing a direct defense against the risk of stolen passwords.