‘Mother of all data breaches’ includes more records, brands than initially thought

Update:

• The majority of the population is affected by what is being called the mother of all data breaches, Manta Sasnauskas, Cybernews head of research, tells Yahoo Finance.
• The breach is now expected to include more than 100 billion leaked records from companies including Venmo, Canva, Apollo and more.
• The leaked data is estimated to be worth $26 billion, Sasnauskas tells Yahoo Finance.
• Threat actors could use the data for credential stuffing in which login data from one account can be used to gain access to multiple other accounts.
• China’s Tencent remains most affected by the leak with 1.5 billion records affected, but hackers also hit LinkedIn, X, Venmo, Canva, Apollo and Adobe, according to Yahoo.

Massive data breach overview: 

• Who: There has been a massive data breach involving 26 billion records from sites such as Twitter, Dropbox, LinkedIn, Adobe, Canva and Telegram.
• Why: The data breach is estimated to be the largest on record, at 12 terabytes of information, and is being called “the mother of all breaches.”
• Where: The massive data breach impacts records from across the United States and worldwide.

(Jan. 30, 2024)

A massive data breach that includes 26 billion records and 12 terabytes of information from companies such as Twitter, Dropbox, LinkedIn, Adobe and more is being called “the mother of all breaches,” Forbes says.

“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks and unauthorized access to personal and sensitive accounts,” researchers from Security Discovery and CyberNews say.

The data breach includes 3,800 folders, each containing records from an individual data breach, including 281 million Twitter/X records, 251 million LinkedIn records, 179 million Evite records and 153 million Adobe records, McAfee reports.

U.S., Brazil, Germany governmental bodies included in data breach

The largest data set includes 1.5 billion records from Chinese messaging service Tencent, according to McAfee.

“The leaked data contains far more information than just credentials — most of the exposed data is sensitive and, therefore, valuable for malicious actors,” McAfee says.

Records from government bodies of the United States, Brazil, Germany and other countries are included in the data breach, TechRadar says.

Hackers will likely attempt credential stuffing if users have repeated passwords over several services, TechRadar says.

CyberNews has a data leak checker where users can see if their information has been compromised and from which sites. 

Some of the 26 billion records are repeated, and most of the compromised records are already known or were compiled from other places, TechRadar reports.

In late 2022, Dropbox disclosed it suffered a data breach that compromised 130 code repositories from one of its GitHub organizations.

Have you had identity theft issues after a data breach? Let us know in the comments.

Read About More Class Action Lawsuits & Class Action Settlements:

• LoanDepot class action alleges company failed to prevent massive data breach
• Microsoft employees hit with data breach by Russian state-backed group
• Vans, North Face owner data breach affects 35.5M customers
• Customer files class action over Comcast data breach