Over 26 billion personal records have been leaked from X, formerly Twitter, LinkedIn, and Dropbox in what has been described as the “Mother of all Breaches,” cybersecurity researchers have warned.
Sensitive information was discovered on an unsecured page in a breach that researchers say is extremely dangerous and could prompt a tsunami of cybercrime.
Bob Dyachenko, owner of SecurityDiscovery.com, and researchers from Cybernews discovered the data breach on an unsecured web instance.
Most likely, the owner of the massive breach will never be detected, but researchers suggest it could be a malicious actor, data broker, or service that works with large amounts of data.
Initial studies of the data suggest it does not come from a new breach but is actually a collection of earlier breaches. Of the twelve terabytes of records, the researchers also note that some are almost certainly duplicates.
Most of the personal records leaked come from a Chinese messaging app
However, the data breach is still extremely worrying due to the sensitive nature of the information that has been released. The researchers said: “The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks.”
They say that these attacks could include identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts. Data has been leaked from hundreds of different sites, more than twenty of which have released hundreds of millions of records.
The biggest leak comes from Tencent’s QQ, a popular Chinese messaging app that had 1.5 billion records in the breach. For context, in 2019, nearly one billion records were leaked from an unsecured database created by Verifications.io.
At the time, this was one of the biggest and most damaging leaks ever, yet it did not contain as much data as QQ alone has now leaked. This was followed by Weibo, the Chinese social media platform, which had 504 million records.
Some of the other biggest leaks came from MySpace (360 million), Twitter (281 million), LinkedIn (251 million), and AdultFriendFinder (220 million).
A LinkedIn spokesperson told MailOnline: “We are working to fully investigate these claims and we have seen no evidence that LinkedIn’s systems were breached.” The leak also included records from various government organizations from the US, Brazil, Germany, the Philippines, and Turkey among others.
Jake Moore, global cybersecurity advisor for ESET told MailOnline: “This is an absolutely huge breach of data…Cybercriminals cannot ever be underestimated with what they can achieve with even minimal information but if passwords have been taken the victims need to be aware of the consequences and must make the appropriate security updates.”
To see if your data has been affected by historic data breaches, you can use Cybernews’ data leak checker.
Related: Is Your Digital Footprint Dangerous? How to Protect Yourself
See all the latest news from Greece and the world at Greekreporter.com. Contact our newsroom to report an update or send your story, photos and videos. Follow GR on Google News and subscribe here to our daily email!
