Huge data leak dubbed the 'Mother of all Breaches' sees 26 BILLION records leaked from sites including Twitter, Linkedin, and Dropbox - here's how to check if you've been affected
- Experts warn the massive data breach could trigger a wave of cybercrime
- The researchers say that this could be the largest data breach to ever occur
Over 26 billion personal records have been exposed, in what researchers believe to be the biggest-ever data leak.
Sensitive information from several sites including Twitter, Dropbox, and Linkedin was discovered on an unsecured page.
Worryingly, the researchers who found it claim this breach is extremely dangerous and could prompt a tsunami of cybercrime.
Here's how to check if you have been affected.
- If you use any of these sites, then there is a good chance your details have been leaked. While some records are certainly duplicates, these sites have each leaked over 100 million personal records
How to check if your data has been leaked
To see if your data has been affected by historic data breaches, you can use Cybernews' data leak checker.
Simply enter your email address or phone number into the search bar and click 'check now' to see whether that account information has been leaked.
Cybernews says that it is currently working on updating the tool to ensure that it will be able to check for data leaked in this latest breach.
Alternatively, Cybernews has also created a searchable list of sites compromised by the breach.
If you are particularly worried about a site you use being affected you can search the site's name to see if data has been leaked.
Bob Dyachenko, owner of SecurityDiscovery.com, and researchers from Cybernews discovered the data breach on an unsecured web instance.
The owner of the massive breach will likely never be discovered, but the researchers suggest it could be a malicious actor, data broker, or service that works with large amounts of data.
Initial studies of the data suggest that it does not come from a new breach but is actually a collection of earlier breaches.
Of the 12 terabytes of records, the researchers also note that some are almost certainly duplicates.
However, the data breach is still extremely worrying due to the sensitive nature of the information that has been released.
The researchers said: 'The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks.'
They say that these attacks could include identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts.
Data has been leaked from hundreds of different sites - more than 20 of which have released hundreds of millions of records.
The biggest leak comes from Tencent's QQ, a popular Chinese messaging app which had 1.5 billion records in the breach.
For context, in 2019 nearly one billion records were leaked from an unsecured database created by Verifications.io.
At the time this was one of the biggest and most damaging leaks ever, yet it did not contain as much data as QQ alone has now leaked.
- Experts warn that the data, which was leaked from sites like Linkedin, might be extremely dangerous. Criminals can use this kind of sensitive personal information to create a massive wave of cybercrime including phishing attacks, identity theft, and targeted cyberattacks
Some of the other biggest leaks came from MySpace (360m), Twitter (281m), Linkedin (251m), and AdultFriendFinder (220m).
The leak also included records from various government organisations from the US, Brazil, Germany, Philippines, Turkey, and others.
Jake Moore, global cybersecurity advisor for ESET told MailOnline: 'This is an absolutely huge breach of data.
'Cybercriminals cannot ever be underestimated with what they can achieve with even minimal information but if passwords have been taken the victims need to be aware of the consequences and must make the appropriate security updates.'
According to the researchers, the biggest concern is that these records could provide the basis for a massive wave of cybercrime.
'If users use the same passwords for their Netflix account as they do for their Gmail account, attackers can use this to pivot towards other, more sensitive accounts,' they say.
By accessing databases of previous leaks, cybercriminals are able to match email addresses and identifying information across accounts.
For example, if you use the same mobile number for your bank and for Twitter, hackers might use this breach to find their way to your banking information.
For this reason, experts warn not to give out any more personal information online than is absolutely necessary.
'Apart from that, users whose data has been included in supermassive MOAB may become victims of spear-phishing attacks or receive high levels of spam emails.'
If you are worried that your personal data has been leaked in this breach then the most important thing to do is update your passwords.
Ensuring that you are not using the same passwords for multiple accounts reduces the risk that one account being affected will compromise all your data.
Mr Moore added: 'Those affected will need to change their passwords and be alert to follow up phishing emails whilst making sure all accounts - whether affected or not - are equipped with two factor authentication.'
HOW TO CHECK IF YOUR EMAIL ADDRESS IS COMPROMISED
Have I Been Pwned?
Cybersecurity expert and Microsoft regional director Troy Hunt runs 'Have I Been Pwned'.
The website lets you check whether your email has been compromised as part of any of the data breaches that have happened.
If your email address pops up you should change your password.
Pwned Passwords
To check if your password may have been exposed in a previous data breach, go to the site's homepage and enter your email address.
The search tool will check it against the details of historical data breaches that made this information publicly visible.
If your password does pop up, you're likely at a greater risk of being exposed to hack attacks, fraud and other cybercrimes.
Mr Hunt built the site to help people check whether or not the password they'd like to use was on a list of known breached passwords.
The site does not store your password next to any personally identifiable data and every password is encrypted.
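How a client can check a password against the Pwned Passwords corpus without disclosing it, using the service's range-query model: only the first five hex characters of the password's SHA-1 are sent, and the comparison happens locally. This is an added example, not code from the article or from Have I Been Pwned; the corpus, the counts and the `OfflineRangeService` stand-in for the HTTP call are constructed so that it runs offline.

```python
import hashlib

# Real Pwned Passwords range endpoint; this example never calls it.
RANGE_URL = "https://api.pwnedpasswords.com/range/"

# Constructed stand-in for the breach corpus: password -> times seen (counts invented).
CONSTRUCTED_CORPUS = {"password": 1000, "qwerty123": 250, "letmein": 75}


def sha1_upper(password: str) -> str:
    """SHA-1 of the UTF-8 password as 40 upper-case hex characters."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class OfflineRangeService:
    """Stand-in for GET RANGE_URL + prefix, answering from a constructed corpus."""

    def __init__(self, corpus):
        self._hashes = {sha1_upper(p): n for p, n in corpus.items()}
        self.seen = []  # everything the "server" ever receives

    def fetch(self, prefix: str) -> str:
        self.seen.append(prefix)
        rows = [f"{h[5:]}:{n}" for h, n in self._hashes.items() if h.startswith(prefix)]
        return "\r\n".join(rows)  # same SUFFIX:COUNT line format as the real API


def breach_count(password: str, fetch_range) -> int:
    """Return how often the password appears in the corpus, 0 if never."""
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    # Only the 5-character prefix leaves the machine; matching is done locally.
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def check_all(passwords, service):
    """Map each candidate password to its breach count."""
    return {p: breach_count(p, service.fetch) for p in passwords}


if __name__ == "__main__":
    svc = OfflineRangeService(CONSTRUCTED_CORPUS)
    print(check_all(["password", "letmein", "x9!Vq-unique-passphrase-71"], svc))
    print("sent to service:", svc.seen)
```

To query the live service, replace `service.fetch` with a function that performs an HTTPS GET on `RANGE_URL + prefix` and returns the response body.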
Other Safety Tips
Hunt provides three easy-to-follow steps for better online security. First, he recommends using a password manager, such as 1Password, to create and save unique passwords for each service you use.
Next, enable two-factor authentication. Lastly, keep abreast of any breaches.