Massive 26 Billion Record Leak: Dropbox, LinkedIn, Twitter All Named
Last edited Mon Jan 22, 2024, 08:10 PM - Edit history (1)
Source: Forbes
Security researchers have warned that a database containing no less than 26 billion leaked data records has been discovered. The supermassive data leak, or mother of all breaches as the researchers refer to it, is likely the biggest found to date.
The research team thinks that the 26 billion record database, found on an open storage instance, will likely have been compiled by a malicious actor or data broker. Threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts, they say.
If there is good news to be found in such a discovery, it is that little of this appears to be new data. Instead, the researchers say, its more a case of compiled records from thousands of previous breaches and data leaks. Whats more, there are undoubtedly a large number of duplicate data records within this compilation. The inclusion of usernames and password combinations does, however, still mean this is a cause for concern. Id expect a surge, if current levels arent high enough, in credential stuffing attacks over the coming weeks as a result.
Although the data from this latest breach and leak compilation discovery has yet to be entered, you can use this free leak checker tool at CyberNews. This will reveal earlier instances where your email address has been leaked, including some of the services from the MOAB database. You can also use the free Have I Been Pwned service as well.
Original post citing Tom's Guide
Even if youre super careful online, your personal and financial information can be exposed in a data breach. Sometimes though, hackers compile credentials and information from past breaches and put it all together to make it easier to use in their attacks.
As reported by Cybernews, this is exactly what happened with a new, supermassive Mother of all Breaches (MOAB) which contains 26 billion records or 13 terabytes of data taken from previous leaks, breaches and hacked databases. In a recent investigation alongside cybersecurity researcher Bob Dyachenko, the news outlet discovered all of these exposed records on an open instance.
-snip
If you want to see if your personal or financial information was exposed online as a result of this leak, youre in luck as Cybernews has created its own data leak checker to make things easier. Likewise, the popular data leak site HaveIBeenPwned will likely also have these records available to search soon.
Read more: https://www.forbes.com/sites/daveywinder/2024/01/22/massive-26-billion-record-leak-dropbox-linkedin-twitterx-all-named/?sh=3de52915472a
The data leak website to check is https://cybernews.com/personal-data-leak-check/
26 billion records is substantial.
bucolic_frolic
(43,442 posts)AllaN01Bear
(18,669 posts)Turbineguy
(37,392 posts)I was compromised through T-Mobile 10 years after I moved to another provider.
FakeNoose
(32,854 posts)... "You are safe for now."
So it answered instantly, without checking any kind of a database or list.
This makes me wonder. Maybe this is all a scam to collect people's email addresses.
Hmmmm....
Trueblue Texan
(2,451 posts)...nothing important was compromised--I try not to give out my phone number but I sure have been getting tons of spam calls in the last 3 months.
Coventina
(27,223 posts)That sucks.
brush
(53,963 posts)No thanks.
getagrip_already
(14,934 posts)The only site on the list I used was LinkedIn, and that only had public data on me.
Twitter helpfully deleted my account I hadn't used in over 10 years. But that had zero personal info anyway.
What the hell is tencent anyway?
sab390
(185 posts)I don't know all of what it owns but it's things like tic TOC and I think that new one that sells a bunch of Chinese crap.
Carlitos Brigante
(26,509 posts)Marthe48
(17,087 posts)traditional USPS. The letter said that some of my data might have been compromised sometime last year, but there is no indication that my data was compromised, but if I'm concerned, I can sign up for the protection the company that sent the letters offers. I threw it away as soon as I saw it was a pitch based on fear.
louis-t
(23,309 posts)One from a health insurance company I haven't used in 10 years and one from a mortgage servicer that sold my mortgage 10 years ago. They should not be able to keep your info including ss# in their computers just waiting to be hacked. If I ever do biz with them again, they can get my info then.
Oh, and I accepted the offer of 1 year and 2 years of ID protection at no cost. It should be 5 years.
questionseverything
(9,665 posts)Before they could approve my requested card
I had never heard of the company
Hubby is dealing with it and going to freeze both our names
Its a hassle because if I actually want to finance something new we have to unfreeze first but better than getting ripped off
🧐
Igel
(35,383 posts)But I have no memory of some of the sites.
One I signed up with and never used. But that was before 2004. Not like I still use a lot of passwords from that far back.
As for actual personal data (SSN, birthdate, etc.)--that I can't change. Then again, I'm really duplicitous. I'm from 40 to 75 years old, always male but sometimes I was born in Rochester NY, sometimes Atlanta GA, sometimes Baltimore MD, sometimes Chicago IL. (Yes, I have a lookup table for sites I currently care about.)
I like my current bank account passwords. I flipped my keyboard to face the wrong direction, closed my eyes, and typed. Then went back and randomly inserted special characters and capitalization. Maxed out the # of characters allowed in a password for my accounts. The shortest is over 20 characters.
mahina
(17,734 posts)Phooey
thinkingagain
(906 posts)Regardless of if your affected by them or not they are annoying and stressful.
Medical breaches recently so far my husband has gotten at least three letters from different companies that he was part of that breach.
But I think laws need to be made for more protection for the consumer, such as no company needs your keep your data for more than like 30 days after your encounter with them, (such as like retail )
Other ones like a year after you close an account or havent activity with you
for a year.
Your account could be closed and info deleted.
They also need to make it so you can access your annual report anytime unlimited not just once a year for free. .
And that you have access for free to all three credit agencies where you can just log into your account and freeze it at any time and unfreeze it any time you dont have to go through hoops to do this.
You can do that at two of the three the third one charges you to have an account to do that. I think you may have to use an app on at least 1 for free to do this.
Maybe have two different network in pro structures one that does just emails and the other one is the one that the information stored.
So if the information is being compromised by when you open the link etc. and an email, then it wouldnt get the private information.
I am rambling because Im frustrated because it seems like just about every day. You hear about these great big data breaches, and they keep getting bigger and bigger.
live love laugh
(13,189 posts)sinkingfeeling
(51,490 posts)The sources are from a forum I joined in 2002 and a 2004 order.
I was surprised to get a letter at my current address this week from an oncology clinic in Arkansas. Their data was hacked and someone might have my cancer history from 2009. I was surprised they had tracked me down. Guess there's no place to hide anymore.
progressoid
(50,011 posts)two breaches on one email. Eight on another.