“Mother of All Breaches” Unlikely to Contain New Data
A new 12TB database of 26 billion records has been found exposed online by security researchers, although its contents were pieced together from previous breaches.
Described as “the mother of all breaches” by Cybernews, the haul was discovered by the outlet and noted security researcher Bob Diachenko on a publicly accessible instance that required no authentication.
Among the records leaked in the trove are 1.5 billion belonging to Tencent customers and 500 million from Chinese Twitter-like site Weibo, alongside MySpace (360 million), Twitter (281 million), LinkedIn (251 million), Adobe (153 million) and many more.
However, it’s unlikely that any previously undiscovered breaches have been made public in the leak.
“Every single data breach ever reported or sold was carefully collected by an unknown actor and left in a misconfigured instance,” clarified Diachenko.
Every single data breach ever reported or sold was carefully collected by an unknown actor and left in a misconfigured instance. I’d say it is even bigger than @troyhunt’s HIBP. https://t.co/ZyMqT0nLO8
— Bob Diachenko 🇺🇦 (@MayhemDayOne) January 22, 2024
There are also likely to be a sizeable number of duplicates in there.
However, while it’s unclear how many of the records are password/email combinations, the find could prompt a renewed wave of credential stuffing attacks.
ESET global cybersecurity advisor, Jake Moore, urged users to remember best practice cyber-hygiene to keep accounts secure.
“We should never underestimate what cybercriminals can achieve with such limited information. Victims need to be aware of the consequences of stolen passwords and make the necessary security updates in response,” he said.
“This includes changing their passwords, being alert to phishing emails following the breach, and ensuring all accounts, whether affected or not, are equipped with two-factor authentication.”
A more impactful discovery was arguably made last week, when breach notification site HaveIBeenPwned (HIBP) published a massive collection of username/password pairs, known as the “Naz.API” list. This data was obtained from info-stealing malware and credential stuffing lists from previous breaches.
Hunt identified 71 million unique email addresses in the haul and warned that a third of them are not listed in HIBP, meaning it’s a “significant volume of new data” which could be used subsequently to access users’ accounts.