Asia Tech Wire (Jan 23) -- Researchers have discovered a historic data breach of 26 billion records from Tencent, Weibo, Twitter and others.
Cybersecurity researchers at data security website SecurityDiscovery.com and Cybernews recently said they discovered what may be the largest data breach of all time on an insecure web instance, which they dubbed Mother of all Breaches (MOAB).
The researchers said they found that the data breach involved a whopping 12 terabytes of information, with more than 26 billion personal records exposed. The supermassive MOAB consisted of previously stolen data, some of which must have been duplicates.
They point out that there are hundreds of websites involved in the data breach, with more than 20 of them leaking up to hundreds of millions of pieces of data. If anyone has used any of these sites, it is likely that their sensitive personal details have been compromised.
Most Leaked Records from China's Tencent and Weibo
The Cybernews report revealed that Tencent ranked first with 1.5 billion leaked records, followed by Chinese social media platform Weibo, which had 504 million records leaked.
Other top data leaks came from MySpace (360 million), Twitter (281 million), and LinkedIn (251 million).
In addition, Chinese companies that had more than 100 million leaked records included NetEase (261 million), JD.com (142 million), and Youku (100 million).
Apart from personal records, the leaked data also included information from several government organisations in the U.S., Brazil, Germany, the Philippines, Turkey and other countries.
"The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts," the researchers said.
Jake Moore, global cybersecurity advisor for Slovak software company ESET, called it "an absolutely huge breach of data," according to the Daily Mail.
Moore said, "Cybercriminals cannot ever be underestimated with what they can achieve with even minimal information but if passwords have been taken the victims need to be aware of the consequences and must make the appropriate security updates."
Urgent Reminder from Experts
The most worrying thing is that these records in the supermassive MOAB could provide the basis for a massive cybercrime wave, the researchers said.
They said, "If users use the same passwords for their Netflix account as they do for their Gmail account, attackers can use this to pivot towards other, more sensitive accounts."
For example, if you use the same mobile phone number for your bank and Twitter, hackers could use this breach to access your banking information. And by accessing previously leaked data, cybercriminals are also able to access information across accounts with the same email address.
Experts warn against exposing personal information online if it is not absolutely necessary. The most important thing one can do if worrying about personal data being compromised is to update one's passwords and ensure that multiple accounts have different passwords to reduce the risk of one account being hacked and all data being jeopardised.
Cybernews has posted a data leak checker on its website that allows users to enter an email address or phone number in the search field and click "Check now" to see if that account information has been leaked.
Additionally, Cybernews has created a list of websites where users can see if they will be affected by a the data leak by entering a URL.