What is the Mother of all Breaches? 12 TB with 26 Bn Records Leaked
Date: 23 January 2024
If you follow cybersecurity news or news of any type at all, you’ve probably heard of the 12 TB data leak discovered by a team of security researchers. The data breach is being dubbed the Mother of all Breaches or MOAB. According to the security researchers from Cyber News and Security Discovery, the data tree contains 26 billion leaked records.
In this blog, we help you unravel what the Mother of all Breaches is all about. Is it actually as disastrous as it sounds? Do you need to worry and does it mean your data is definitely leaked online? Let’s find out.
1. What Records Have Been Leaked?
2. Who is Behind this Massive Breach?
3. What is the Potential Impact of the Breach?
4. Lessons Learned for Individuals
5. Lessons Learned for Businesses
What Records have been Leaked?
As per initial reports, it appears that the leaked records are a compilation of stolen data from past breaches. About 1.4 billion of the leaked records allegedly come from a breach at the Chinese instant messaging app, Tencent QQ.
Millions of other records in the massive breach come from other social media and digital platforms like Twitter, MySpace, LinkedIn, Canva, DropBox, MyFitnessPal, Telegram and AdultFriendFinder. Records of various government organisations have also made it to the data tree. The nations affected include the U.S., Germany, Brazil and Turkey, amongst others.
Who is Behind the Leak?
So far, it is apparently unclear who is behind this alleged Mother of all Breaches. It is obviously a data broker or an advanced malicious actor but their identity is, as of now, unknown.
What is the Possible Impact of This Breach?
Many cybersecurity experts feel that the impact of this data breach could be massive. It could lead to unprecedented credential stuffing attacks. Matters will be worse for those users who use the same password across sites.
For instance, if your Canva password and Gmail password are the same and your Canva password is part of the leak, a cyber criminal can now use that leaked password to potentially hack into your Gmail account. And this could be done for hundreds of millions of users across hundreds and millions of websites.
The Security Researchers who discovered the database said, “Threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorised access to personal and sensitive accounts.”
Cyber News had earlier discovered a massive dataset with leaked records in 2021. This database contained 3.2 billion records, making the new MOAB significantly worse.
However, several analyses also suggest that the breach isn’t as bad as it may sound at first. Of course, having personal data stolen and circulated as part of a large compilation online is never a great thing. But many are pointing out that this breach is only a compiled collection of thousands of previously leaked records. Some of the records may even be duplicates. Therefore, one cannot be sure that the 12 TB data set comprises 26 billion unique records.
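The two points above, duplicate rows inflating a compilation's record count and one password repeated across breached services being what makes credential stuffing work, can be measured on a small sample. This is an added example, not code from the researchers or from this blog; the rows, field layout and function names are constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample rows (source breach, email, password); not real leaked data.
COMPILATION = [
    ("canva", "alice@example.com", "Summer2019!"),
    ("myfitnesspal", "alice@example.com", "Summer2019!"),
    ("canva", "Alice@Example.com ", "Summer2019!"),  # same record, different casing
    ("linkedin", "bob@example.com", "hunter2"),
    ("dropbox", "bob@example.com", "c0rrect-horse"),
    ("linkedin", "bob@example.com", "hunter2"),      # exact duplicate
    ("myspace", "carol@example.com", "qwerty123"),
]

def normalise(email):
    """Dumps differ in letter case and stray whitespace for the same address."""
    return email.strip().lower()

def pw_digest(password):
    """Group passwords by digest so the report itself never carries plaintext."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def unique_records(rows):
    """Collapse rows that are one record repeated inside the compilation."""
    return {(src, normalise(email), pw_digest(pw)) for src, email, pw in rows}

def reuse_report(rows):
    """Return {email: [sources]} for emails whose identical password
    appears in two or more different source breaches."""
    by_cred = defaultdict(set)
    for src, email, digest in unique_records(rows):
        by_cred[(email, digest)].add(src)
    report = {}
    for (email, _), sources in by_cred.items():
        if len(sources) >= 2:
            report.setdefault(email, set()).update(sources)
    return {email: sorted(srcs) for email, srcs in report.items()}

if __name__ == "__main__":
    print(len(COMPILATION), "rows,", len(unique_records(COMPILATION)), "unique")
    for email, sources in reuse_report(COMPILATION).items():
        print(email, "reuses one password across", sources)
```

Only the account with the same password in two sources is flagged; the account with a different password per service is not, which is the practical effect of using unique passwords.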
What Lessons can We Learn from this Incident?
For the Individual
The important thing to remember here is that, apparently and hopefully, no new data has been exposed. If you’ve been part of other data leaks in the past and have used that news as a warning signal to update all passwords and use unique ones across multiple platforms, you should likely be fine.
However, here are some precautions and preventive measures you can take now to protect yourself better:
- Don’t panic: Yes, it’s not a great feeling to know that your data may be easily searchable as part of a huge leaked database. But if you’ve been practising good security hygiene over the years, there is likely nothing to panic about afresh. Let the MOAB be a reminder of the consequences of not being vigilant with your online security.
- Update passwords if you haven’t already: If you used platforms that were breached in the past but never bothered to update your passwords, then do so NOW. And remember, just changing the password for the breached account is not enough. You must change your passwords and use unique ones across all sites which may have had your old, stolen credentials.
- Start using Password Managers: A password manager will probably not protect you from a data leak, but it will ensure you have unique passwords for different accounts. This can go a long way in protecting you from credential stuffing attacks which we discussed earlier.
- Be aware of phishing emails: Educate yourself about common phishing tactics. Try to undergo some sort of basic cybersecurity awareness training so you’re able to identify a phishing email when you see one. Stay vigilant online and don’t click on links you don’t trust.
- Enable 2-factor authentication: Use 2FA or two-factor authentication across all digital and social platforms. This considerably limits chances of anyone compromising your account through brute force. Start doing this right away!
- Check if your data has been leaked: Awareness is critical in this context. Use free services like Have I Been Pwned and the leak checker tool from Cyber News to see if your data has been compromised. The data from the new leaked dataset may not have been fed into the tools yet. However, data from past breaches should come up through these tools.
For Businesses
There is an embarrassingly long list of organisations with an equally embarrassing number of records that seem to be part of this Mother of all Breaches. Yes, the data may be part of old compromises, yet the damage this sort of data tree can cause afresh cannot be underestimated.
This breached database must act like a warning bell for business and government organisations across the globe to pay serious attention to their cybersecurity starting now.
Here’s what companies that may or may not have been named in the dataset can do:
- Revisit your Security Infrastructure: It is imperative for the executive leadership to start taking a close and hard look at the security controls and protocols in place. How data is being processed within the organisation and if it meets regulatory and legal compliance requirements such as those pertaining to the EU GDPR are also critical questions that need asking immediately. How often is a security risk assessment being conducted? What is your organisational breach readiness score? All of these important facets of business security have to be looked at with a critical lens.
- Data Breach Response: It is absolutely essential that businesses become better prepared for data breaches of this nature. Getting Cyber Incident Response Plans and Incident Response Playbooks in order is the need of the hour. What you do as a business in the Golden Hour after a breach can make or break your reputation and protect you from regulatory fines and penalties.
- Test your Incident Response Capabilities: Just having plans and playbooks though isn’t enough. These must also be regularly tested through Cyber Attack Tabletop Exercises. They put your primary decision-makers and stakeholders in a simulated attack environment and test if their response will actually hold water in a real crisis situation. If you don’t know where to start with a cyber attack simulation drill, use the free resources created by our experts:
Cyber Tabletop Exercise Scenarios You Must Rehearse
Cyber Tabletop Exercise Template
Cyber Attack Tabletop Exercise PPT
- Cybersecurity Awareness Training: As a business or government organisation that handles and/or processes sensitive information, it is imperative that you invest in cybersecurity awareness training. Your staff must be trained to be vigilant against common tactics of cyber attackers. They must be made fully aware of the kind of links and emails to watch out for and how to protect their privileged credentials.
- Enlist external expertise: The MOAB may have highlighted to you that your internal team may not be fully equipped to handle damages of this scale and nature. Opt for a cybersecurity consultancy that fits your needs and budget in that case. Our expert cybersecurity consultants can help you not only assess the gaps in your current breach readiness, but also help you plug them at a timeline that suits you. They can ensure better supply chain security for you, increased compliance, enhanced cyber resilience and overall better management of any cyber incidents.