In January 2024, a security researcher uncovered a colossal database comprising 26 billion leaked records pertaining to millions, possible billions, of individuals. The breach is thought to be the largest in history and is being called the “mother of all breaches.”
What happened & who is impacted in the massive leak?
Security researcher Bob Diachenko of SecurityDiscovery.com discovered the dataset, which contains information from global social media platforms and online services.
According to his findings, the database includes reindexed leaks, breaches, and privately sold databases. The largest chunk of records, totaling 1.5 billion, comes from the Chinese social media giant Tencent, alongside 504 million from Tencent’s Weibo, 360 million from MySpace, and 281 million from X.
Other notable organizations embroiled in the leak include Adobe, Dropbox, LinkedIn, MyFitnessPal, Telegram, and several government bodies. A significant number of smaller, less-known organizations are also impacted.
The researchers suspect that an initial access broker (IAB) compiled the data from various sources with the aim of making a profit on the dark web, where hackers could purchase it to launch several forms of attack, including identity theft, phishing, credentials compromise, and business email compromise.
What can you do to protect your personal data?
This breach serves as a stark reminder of the critical importance of cyber hygiene. While the public often envisions cybercriminals employing intricate methods and malicious code to commit cybercrime, the reality is that a stolen password can be all it takes.
To mitigate the risks of identity theft, take immediate action by changing your passwords and signing up to a password manager. Also, stay vigilant about phishing emails, and implement two-factor authentication on all your accounts.
For organizations concerned about account hijacking, start investing in a zero-trust architecture if you haven’t already. Zero trust mandates authentication, authorization, and continuous validation of all users before granting them access to sensitive information, providing a direct defense against the risk of stolen passwords.
Find out more about implementing a zero trust architecture here.
FAQs
In January 2024, a security researcher uncovered a colossal database comprising 26 billion leaked records pertaining to millions, possible billions, of individuals. The breach is thought to be the largest in history and is being called the “mother of all breaches.”
Is the Apple data leak warning real? ›
If you're an iPhone user, you might have seen the notification about one of your passwords appearing in a data leak. While this sounds alarming, there's no need to panic—it does not necessarily mean you are at risk. But it's a good reminder to use strong, unique passwords on all your accounts.
What is the mother of all breaches breached? ›
In January 2024, a data leak of 26 billion records was discovered by security researcher Bob Diachenko of Security Discovery. This data breach has quickly come to be known as The Mother Of All Breaches (aka MOAB) due to its size and contains 12 terabytes of user data from 3,876 domains.
How do I know if I was affected by an AT&T data breach? ›
Malwarebytes has an easy, free tool—the Malwarebytes Digital Footprint Portal—that allows you to check if your data was exposed in the AT&T breach.
What companies were affected by Mother of All breaches? ›
What sites are affected by the Mother of All Breaches?
- Tencent QQ with 1.4 billion records compromised.
- Weibo with 504 million records compromised.
- MySpace with 360 million records compromised.
- Twitter with 281 million records compromised.
- Deezer with 258 million records compromised.
The Scale of the Breach and The Supermassive Leak
The supermassive leak consists of a mind-boggling 12 terabytes of information, spanning over 26 billion records. The data breach has had a significant impact on data privacy and information security, raising cybersecurity concerns worldwide.
Why is my iPhone saying all my passwords are compromised? ›
Is the iPhone “compromised password” notification real? The message is legit. If you receive such a notification, your password matches an entry on a list of compromised data. However, it doesn't necessarily mean that it is your password personally, it might be someone else's password that matches yours.
Should I take Apple data leaks seriously? ›
Yes, you should be concerned about leaked passwords. A compromised password means unauthorized individuals can access your personal information and accounts.
Does Apple send warnings that your phone has been hacked? ›
The message is not from Apple.... because they will never send a message like this. It is a scam.
What is the largest data breach in 2024? ›
Biggest Data Breaches of 2024
- Indian Telecom Data Breach : January 14, 2024. ...
- Trello Data Breach : January 16, 2024. ...
- Mother of All Breaches (MOAB): January 22, 2024. ...
- Cyber Attack on the Russian Center for Space Hydrometeorology (Planeta) : January 26, 2024. ...
- Bank of America Data Breach : February 6, 2024.
In late January of 2024, it was announced that a massive data leak was discovered on the dark web, which included over 26 billion records and took up over 12 terabytes of data. It was almost instantly referred to as “the mother of all breaches” because of the staggering size of the data.
Why does McAfee say my info is on the dark web? ›
McAfee Identity Monitoring scans the dark web regularly for your Personally Identifiable Information (PII). And if it finds your data on the dark web, it'll alert you through an email. This email is sent from info@notification.mcafee.com with the subject line “Your info was found on the dark web”.
Has AT&T been hacked in 2024? ›
Fast-forward to March 2024, the stolen personal information was discovered on the dark web, according to Troy Hunt, creator of Have I Been Pwned. In response, AT&T said it has contacted the 7.6 million current customers and has reset their passcodes.
How can I tell if I was part of a data breach? ›
One of the best ways to check if you have been hacked is to enter your email into a number of data breach websites that track breaches and verify them as genuine. The websites will tell you if your email and associated passwords were part of any known data breaches.
What cell phone carrier has a data breach? ›
U.S. cell carrier Patriot Mobile experienced a data breach that included subscribers' personal information, including full names, email addresses, home ZIP codes and account PINs, TechCrunch has learned.
When was the data leak called the mother of all breaches announced? ›
So What Exactly Happened? In late January of 2024, it was announced that a massive data leak was discovered on the dark web, which included over 26 billion records and took up over 12 terabytes of data. It was almost instantly referred to as “the mother of all breaches” because of the staggering size of the data.
How many millions of records have been leaked in the collection #1 data breach? ›
“Collection #1-5” — 2019
Mid-January 2019, 773 million unique email addresses and 21 million passwords were found as Collection #1 on torrent websites. By the end of the month, Collections #2-5 were discovered, with 2.2 billion more credentials.
Have twenty brands had over 100 billion leaked records? ›
Twenty brands have had over 100 billion leaked records, with the largest being Tencent's 1.5 billion. Brands more familiar to Western consumers such as LinkedIn, X, Venmo, Canva, Apollo and Adobe have also been hit.
What is the mother of all cyber breaches? ›
Recently, we witnessed a seismic event with the emergence of the Mother of All Breaches (MOAB). This massive data leak amalgamates records from numerous past breaches, culminating in a staggering 12 terabytes of information across 26 billion records—now potentially in the hands of data brokers and bad actors.
