views
Cybersecurity experts have discovered a massive quantity of exposed records in an unsecured database, the owner of which is not easily identifiable. According to a report by Cybernews, this data breach, referred to as ‘MOAB—Mother of All Breaches,’ consists of privately sold databases, reindexed leaks, and breaches.
The size of the database is estimated to be approximately 12TB—containing roughly 26 billion records. However, the identity of the owner owning the aforementioned database remains uncertain. It is unclear whether the owner is a malicious actor, a data broker, or an individual working with substantial amounts of data.
“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts,” the researchers were quoted as saying by Cybernews. It is also important to note that this database doesn’t necessarily contain any new data; instead, it is said to be made up of a compilation of data from multiple breaches.
What’s The Worrying Bit Here?
The report says there’s a good chance that many of those 26 billion records are probably duplicates. But even if they are, the leaked data has a lot more than just passwords and usernames. In fact, most of the data is sensitive stuff that could be really valuable to bad actors.
That being said, the most critical and arguably most concerning aspect lies in the potential for malicious actors to somehow obtain this data, thereby enabling them to carry out a series of “credential-surfing attacks” using the billions of usernames and passwords that are contained within.
“If users use the same passwords for their Netflix account as they do for their Gmail account, attackers can use this to pivot towards other, more sensitive accounts. Apart from that, users whose data has been included in the supermassive MOAB may become victims of spear-phishing attacks or receive high levels of spam emails,” the researchers added.
Leaked Data Allegedly Includes Records From These Tech Giants
Based on the report, Tencent takes the top spot with 1.5 billion leaked records in its name, followed by Weibo, MySpace, and Twitter (X), with 504 million, 360 million, and 281 million records, respectively. Others, including LinkedIn, Zynga, NetEase, Adobe, and Canva, are also allegedly present in the database. Further, it is also said to contain records of multiple governments in the US, Brazil, Germany, Turkey, the Philippines, and other nations.
Comments
0 comment