Massive Data Leak Exposes Billions of Personal Information

In a never-before-seen database leak, security researchers found billions of personal information exposed online. The 12TB of information, containing over 26 billion records of previously exposed breaches was discovered by a team of cybersecurity researchers at Cybernews and Bob Diachenko.

Dubbed as the Mother of all Breaches, the exposed data is available on open instance and can be accessed by any user. It is said to contain data in over 3,800 folders, with each folder signifying a separate breach.

‘’While this doesn’t mean that the difference between the two automatically translates to previously unpublished data, billions of new records point to a very high probability, the MOAB contains never seen before information,’’ the researchers said.

Among the exposed records, the largest number is from Tencent customers (1.5 billion); Weibo, a Chinese messaging app like WhatsApp (504 million), MySpace (360 million); X (formerly Twitter) had 281 million records exposed, along with 251 million from LinkedIn. The list is also said to contain records of various companies and government organizations in Brazil, Germany, the US, among others.

Moreover, it is very likely that this leak does not contain data from any new undiscovered leak, but mainly contains records of past data breaches. Due to the high number of records, it is also likely to contain a sizable number of duplicates.

While the type of personal information contained in these records remains unclear, it is believed to contain ‘’far more information than just credentials – most of the exposed data is sensitive and, therefore, valuable for malicious actors,’’ the researchers believe.

‘’Every single data breach ever reported or sold was carefully collected by an unknown actor and left in a misconfigured instance,” tweeted Diachenko on X.

In light of this incident, it is imperative that users, especially those who reuse usernames and passwords, immediately change their passwords, enable 2-factor authentication, and stay vigilant of phishing emails and messages.