Anything that is connected to the internet can have a flaw that allows hackers to snoop and sneak in, and steal something.
There has been way too many instances of hackers attacking websites and apps, and steal user data.
But pretty much nothing compares to the so called 'MOAB'.
Or also referred to the 'Mother of all Breaches', the data breach involves a staggering 26 billion records.
Due to its massive size, researchers think this could be the largest data breach ever discovered with potentially unprecedented outcomes.
Some random 'Mother of All Breaches' #MOAB stats / interesting info, FYI:
1) the total number of datasets in MOAB = 4145
2) out of it = 1448 have more than 100k records
3) out of it = 601 have more than 1M recs
4) 203 datasets have less than 100 recs
5) instance was updated in… pic.twitter.com/md2yZxW9Ig— Bob Diachenko (@MayhemDayOne) January 24, 2024
Bob Dyachenko, the owner of SecurityDiscovery.com and Cybernews are credited with the shocking discovery, with the latter being the first describing it as MOAB.
In a website post, it's said that the data leak involves data from popular apps including Twitter, Weibo, MySpace, LinkedIn, Adobe, MyFitnessPal, JD.com, and more.
The one that is the most affected, is the Chinese instant messaging app Tencent QQ, which has a total of 1.4 billion records stolen, according to the researchers.
This is followed by Weibo, the Chinese social media platform, which had 504 million records.
Some of the other biggest leaks came from MySpace (360m million), Twitter/X (281 million), Linkedin (251 million), and AdultFriendFinder (220 million).
Every single data breach ever reported or sold was carefully collected by an unknown actor and left in a misconfigured instance. I'd say it is even bigger than @troyhunt's HIBP. https://t.co/ZyMqT0nLO8
— Bob Diachenko (@MayhemDayOne) January 22, 2024
The leak is also said to involve data from various government organizations in the U.S., Brazil, Germany, Philippines, and Turkey, as well as other countries.
The researchers found this data dump inside an unsecured website, which hosted it.
Cybernews suggests the person storing this data could be a "malicious actor, data broker, or some service that works with large amounts of data."
"The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts," the researchers said.
It's worth noting that despite there are 26 billion data records, it's possible that some are duplicates.
And, it appears that many of the data aren't actually new. Instead, the researchers said that many of the records are actually taken from compiled records from previous breaches.
While the data has not been described in details, at least initially, but it's said that they can be sensitive and valuable to cybercriminals alike, especially because the data records have usernames and password combinations.
Because of this, the impact of this could be unprecedented.
"If users use the same passwords for their Netflix account as they do for their Gmail account, attackers can use this to pivot towards other, more sensitive accounts," the researchers said, adding that "apart from that, users whose data has been included in supermassive MOAB may become victims of spear-phishing attacks or receive high levels of spam emails."
To help people with this, Cybernews has what it calls the data leak checker feature on its website, which allows people to enter their email address or phone into the search bar and see whether that account information has been leaked.
Cybernews said that it is working on updating the tool to ensure that it's able to check for data leaked in this massive breach.
Alternatively, Cybernews has also created a searchable list of websites compromised by the breach.
Before this, Cybernews reported 'COMB', or 'Compilation of Many Breaches', which contained more than 3.2 billion unique pairs of cleartext emails and passwords.