Security researchers have discovered a massive unsecured database containing a staggering 26 billion user records leaked from various websites and platforms. Dubbed the ‘Mother of all Breaches’, it likely surpasses any previous data breach in scale at 12 terabytes.
The compromised data includes sensitive information like usernames, passwords and email addresses from major sites including Twitter, LinkedIn and Dropbox, researchers from Security Discovery and Cybernews revealed in a Forbes report. Records from Tencent, Weibo, Adobe, Canva, Telegram and some US government agencies were also found leaked.
Massive Compilation of Previous Breaches
While a relatively small portion appears to be new breaches, the database largely comprises a huge compiled list spanning thousands of past leak incidents. However, the fact that it contains plaintext passwords alongside associated usernames and emails is deeply concerning.
Cybercriminals can leverage these password lists for serious attacks like identity theft, convincing phishing campaigns, gaining unauthorized account access and more. Experts thus warn against underestimating the threats from such compromised data.
Users Urged to Reset Passwords, Enable 2FA
“Victims need to be aware of the consequences of stolen passwords and make the necessary security updates in response,” noted ESET’s Jake Moore. This includes changing passwords immediately and enabling two-factor authentication across sensitive accounts.
The previous largest leak occurred in 2019 from an unsecured database with nearly 1 billion records. Other major historical breaches came from MySpace, Twitter, LinkedIn and AdultFriendFinder. But at 12 terabytes, the latest ‘Mother’ database likely eclipses past incidents in scale and impact.