‘Mother of all breaches’ exposes 26 billion records to the public

05 February 2024

Towards the end of January, a 12Tb database of 26 billion records was exposed online, featuring data from 1.5 billion Tencent users, 500 million Weibo users, 360 million MySpace users, 281 million X users, and 251 million LinkedIn users, among others. The ‘mother of all breaches’ indeed.

On the plus side, the archive of data - comprising password lists, user accounts, and other personal details - consists primarily of databases from several high-profile security breaches that have occurred over the last decade.

“Almost none of the data contained within this archive is ‘new’ and it does not represent a new significant breach of any one organisation or database,” outlines James McGoldrick, DFIR & CSIRT manager, Systal. “However, what is new is the fact that all these leaked datasets have been collated into one centrally stored resource.”

“The raw number of lost credentials 26 billion should help everyone realise just how bad this problem is,” says Corey Nachreiner, chief security officer at WatchGuard.

“Often, threat actors don’t have to ‘hack in,’ they just log in using credentials they have stolen or that have leaked in other breaches.”

So, what’s the big deal? Paolo Passeri, cyber intelligence principle, Netskope explains that “all of the leaked data here can potentially be misused by threat actors to carry out identity theft and opportunistic or targeted phishing campaigns, a scenario that is made even worse by the fact that this massive amount of records is readily available and contains information coming from different organisations in different sectors.”

“Malicious actors are able to leverage these breached credentials at scale to conduct credential-stuffing attacks against other services and company accounts in an attempt to gain access to additional systems via reused passwords,” adds Christian Scott, COO and CISO, Gotham Security, an Abacus Group Company. “Furthermore, this information allows malicious actors to infer commonly used passwords by staff at an organization to perform curated password spraying attacks.”

With much of the exposed data sourced from websites and applications heavily used by the business world, these sorts of discoveries should always serve as a wake-up call for enterprises, reinforcing the need to adopt a ‘zero trust’ strategy, according to Passeri.

“For businesses, a robust defence strategy is essential to protect against all rising threats,” says Irvin Shillingford, regional manager Northern Europe, Hornetsecurity.

“This should include email security solutions, backups, and effective security awareness training. All employees must be consistently educated and trained on security awareness to drive up company-wide protection and defend against any cyberattack.”

“Attacks such as this one highlight - again - that simply putting strong passwords in place is no longer good enough. Instead, we need a mechanism that mandates users to frequently change their credentials as well. And, each time, this mechanism must require strong, unique passwords, not iterative Password1, Password2 changes,” explains Andy Thompson, cybersecurity research evangelist, CyberArk. “Let’s say it takes a threat actor six weeks to crack the password of a systems administrator. If that password is rotated once a week – which can be automated to allow for a seamless user experience – then that credential would have been changed six times before the threat actor could crack the original password via a brute force attack.”

Moreover, the companies impacted in this leak risk significant consequences, including financial implications and potentially regulatory fines, as well as significant reputational damage.

“All businesses are trusted by their partners and customers to keep their data safe, and once that trust has been compromised, it’s incredibly difficult to win it back,” warns Scott…