The “Mother of all Breaches:” 26 billion reasons to heighten your online security
In 2017, Yahoo suffered a massive data breach, which impacted 3 billion user accounts. In 2019, 533 million records were leaked from Facebook. In 2021, LinkedIn suffered a data breach affecting 700 million users. In the first month of 2024, researchers at Cybernews and Security Discovery uncovered what they are referring to as the most significant data breach ever - the “Mother of all Breaches” or “MOAB.”
What happened?
According to Cybernews, the MOAB comprises 12 terabytes of data from previous breaches, accounting for 26 billion exposed records. The leaked data includes data from major platforms, including Twitter (281 million), Adobe (153 million), LinkedIn (251 million), Weibo (504 million), MyFitnessPal (151 million), and MySpace (360 million). Other sites notably include government organizations. A complete searchable index of the compromised platforms is available through Cybernews.
Cybernews observes that MOAB is “meticulously compiled” into roughly 3,800 folders, each corresponding to a different data breach. Most of the leaked data is from previous breaches over the years, but the dataset also includes new data from those leaks that were not published previously. In aggregate, a leak of this size is unprecedented, and its impact is yet to be determined.
What does this mean for you?
To date, it is unclear who the MOAB’s owner is or why they have compiled such a large amount of data. Alarmingly, the compromised dataset includes login credentials (user names and passwords) and highly sensitive personal data. Thus, if a threat actor obtains the data, then they could efficiently utilize the data for a wide range of cybercrime, including identity theft, phishing schemes, cyberattacks, and unauthorized access to online accounts.
What can you do?
Cybernews regularly updates its data leak checker to include information from the MOAB. This tool allows users to check if their information was leaked.
In the meantime, users must be vigilant of password reuse and phishing attempts. If you’re like everyone else with an internet connection, you have dozens of accounts that require passwords. Like your home, you should not leave your data vulnerable to an attack. Any device or platform that stores information can be a way for cybercriminals to access your information and personal data. Thus, your password is one of the first lines of defense. The longer and more complicated a password is, the harder it will be for someone to access your accounts. Similarly, users should reset passwords regularly, especially for confidential accounts, such as banking or medical data.
For more updates on cybersecurity news, please subscribe to receive McDonald Hopkins’ publications or view the links below for recent cybersecurity updates and information on state data privacy legislation. In addition, if you have questions about your company’s compliance with cyber regulations, concerns about vulnerability to a ransomware attack or other breach, or if you want to learn more about proactive cybersecurity defense, contact Spencer Pollock (spollock@mcdonaldhopkins.com) or Arriana Sajjad (asajjad@mcdonaldhopkins.com) or another member of McDonald Hopkins national data privacy and cybersecurity team