Meet us at RSA 2024

Polymer

Download free DLP for AI whitepaper

26 billion records leaked in “mother of all breaches”

Feb 14, 2024
Breach
Data breach

Summary

  • A security researcher found a database with 26 billion leaked records, making it the largest breach in history.
  • Information leaked came from global social media platforms and online services.
  • Individuals can protect themselves by changing passwords, using a password manager, being vigilant against phishing emails, and implementing two-factor authentication.
  • Organizations should consider adopting a zero-trust architecture for enhanced security.

In January 2024, a security researcher uncovered a colossal database comprising 26 billion leaked records pertaining to millions, possible billions, of individuals. The breach is thought to be the largest in history and is being called the “mother of all breaches.”

What happened & who is impacted in the massive leak?

Security researcher Bob Diachenko of SecurityDiscovery.com discovered the dataset, which contains information from global social media platforms and online services. 

According to his findings, the database includes reindexed leaks, breaches, and privately sold databases. The largest chunk of records, totaling 1.5 billion, comes from the Chinese social media giant Tencent, alongside 504 million from Tencent’s Weibo, 360 million from MySpace, and 281 million from X.

Other notable organizations embroiled in the leak include Adobe, Dropbox, LinkedIn, MyFitnessPal, Telegram, and several government bodies. A significant number of smaller, less-known organizations are also impacted.

The researchers suspect that an initial access broker (IAB) compiled the data from various sources with the aim of making a profit on the dark web, where hackers could purchase it to launch several forms of attack, including identity theft, phishing, credentials compromise, and business email compromise. 

What can you do to protect your personal data?

This breach serves as a stark reminder of the critical importance of cyber hygiene. While the public often envisions cybercriminals employing intricate methods and malicious code to commit cybercrime, the reality is that a stolen password can be all it takes.

To mitigate the risks of identity theft, take immediate action by changing your passwords and signing up to a password manager. Also, stay vigilant about phishing emails, and implement two-factor authentication on all your accounts. 

For organizations concerned about account hijacking, start investing in a zero-trust architecture if you haven’t already. Zero trust mandates authentication, authorization, and continuous validation of all users before granting them access to sensitive information, providing a direct defense against the risk of stolen passwords.

Find out more about implementing a zero trust architecture here

Polymer is a human-centric data loss prevention (DLP) platform that holistically reduces the risk of data exposure in your SaaS apps and AI tools. In addition to automatically detecting and remediating violations, Polymer coaches your employees to become better data stewards. Try Polymer for free.

SHARE

Get Polymer blog posts delivered to your inbox.