MOAB: “Mother of all Breaches” Over 26 billion records of leaked data exposed
A massive data breach named the Mother of All Breaches (MOAB) was recently found to have 26 billion records from multiple sites. Over 3,800 folders of data, each representing a distinct breach, are combined in this massive leak, which cybersecurity researcher Bob Dyachenko and the Cybernews team examined. Records from Tencent, Weibo, LinkedIn, Twitter, and other websites are among the 12 terabytes of exposed data. The possible consequences are concerning since the data is sensitive, and there is a risk of identity theft, advanced phishing, and targeted cyberattacks.
The MOAB’s key highlights are:
The Extent of the Breach
- MOAB is widely regarded as the largest data leak ever discovered.
- MOAB is a collection of thousands of data breaches and leaks rather than a single incident.
- The 12-terabyte data set contains records from Weibo, Tencent QQ, LinkedIn, Twitter, and other services.
The Nature of the Data
- While the specific data classifications differ, they include more than login credentials. The security breach likely exposes sensitive information such as dates of birth, phone numbers, home addresses, email addresses, and potentially financial data.
- The volume and type of data held in a single repository make it extremely valuable to criminals looking to use it for identity theft, phishing scams, and other illicit activities.
- The number of unique records is likely less than 26 billion, according to the researchers, who believe that duplication is present in the data.
- The leak source and technique used to generate the data are unknown.
- This incident emphasizes the importance of practicing proper cyber hygiene and how common data leaks are becoming.
Recommendations
In the wake of MOAB and subsequent breaches, alertness and proper mitigations can lower the risk. Use these recommendations as a point of reference.
- Third-Party Review and Inventory. While this leak likely contains previously reported and disclosed breached data, this is a good opportunity to inventory your enterprise’s third-party vendors where corporate data may be stored. Start with high-risk vendors and refresh any outdated third-party risk assessments.
- Password Rotation and Reset. Use multi-factor authentication (MFA) and strong, unique credentials whenever feasible for any third-party portal or application. Use an enterprise password manager and train users to use it.
- User Awareness and Training. Inform staff members and clients about MOAB and recommended procedures for maintaining strong passwords, being cautious of phishing scams, and reporting suspicious activity.
- Threat Intelligence Monitoring. Subscribe to reputable threat intelligence monitoring sources. Focus on dark web activity indicating that your organization’s data may be exposed or for sale.
