A massive data breach dubbed the 'Mother of All Breaches' has seen 26 BILLION records leaked from sites like Twitter, Linkedin and Dropbox – here's how to check if you're affected
Your personal data may have been leaked in the 'Mother of all Breaches' (MOAB), cybersecurity researchers warn.
More than 26 billion personal data have been exposed, which researchers say is the largest data breach ever.
Sensitive information from several sites, including Twitter, Dropbox and Linkedin, was discovered on an unsecured page.
Worryingly, the researchers who discovered the breach claim that this breach is extremely dangerous and could trigger a tsunami of cybercrime.
Here's how to check if you're affected.
Your personal data may have been leaked in the 'Mother of all Breaches', cybersecurity researchers have warned (stock image)
If you're using one of these sites, there's a good chance your data has been leaked. While some of the data is certainly duplicate, these sites have each leaked more than 100 million personal details
Bob Dyachenko, owner of SecurityDiscovery.com, and Cybernews researchers discovered the data breach on an unsecured web instance.
The owner of the massive breach will likely never be discovered, but the researchers suggest it could be a malicious actor, data broker or service working with large amounts of data.
Initial investigations into the data indicate that it does not come from a new breach, but is actually a collection of previous breaches.
Of the 12 terabytes of records, the researchers also note that some are almost certainly duplicates.
However, the data breach is still extremely concerning due to the sensitive nature of the information released.
The researchers said: 'The dataset is extremely dangerous because threat actors can use the collected data for a wide range of attacks.'
They say these attacks can include identity theft, sophisticated phishing schemes, targeted cyber attacks and unauthorized access to personal and sensitive accounts.
Data has been leaked from hundreds of different sites, more than twenty of which have exposed hundreds of millions of data.
The biggest leak comes from Tencent's QQ, a popular Chinese messaging app that contained 1.5 billion records.
For context, in 2019, nearly a billion records were leaked from an unsecured database created by Verifications.io.
At the time, this was one of the largest and most damaging leaks ever, but it did not contain as much data as QQ alone has now leaked.
Experts warn that the data, which has been leaked from sites such as Linkedin, could be extremely dangerous. Criminals can use this type of sensitive personal information to create a huge wave of cybercrime, including phishing attacks, identity theft and targeted cyber attacks
This was followed by Weibo, the Chinese social media platform, which had 504 million records.
Some of the other biggest leaks came from MySpace (360 million), Twitter (281 million), Linkedin (251 million), and AdultFriendFinder (220 million).
The leak also included data from several government organizations from the US, Brazil, Germany, the Philippines, Turkey and others.
Jake Moore, global cybersecurity advisor for ESET, told MailOnline: 'This is an absolutely massive data breach.
'Cybercriminals should never be underestimated as to what they can achieve with even minimal information, but if passwords have been stolen, victims should be aware of the consequences and implement the appropriate security updates.'
To see if your data has been affected by historical data breaches, you can use Cybernews' data breach check.
Simply enter your email address or phone number into the search bar and click 'check now' to see if that account information has been leaked.
Cybernews says it is currently working on updating the tool to ensure it can check for data leaked in this latest breach.
Alternatively, Cybernews also has one searchable list of sites affected by the breach.
To see if your data has been affected by historical data breaches, you can use Cybernews' data breach checker. Simply enter your email address or phone number into the search bar and click 'check now' to see if that account information has been leaked
If you're particularly concerned about the impact of a site you're using, you can search the site name to see if any data has been leaked.
According to the researchers, the biggest concern is that this data could form the basis for a huge wave of cybercrime.
“If users use the same passwords for their Netflix account as they do for their Gmail account, attackers can use this to access other, more sensitive accounts,” they say.
By accessing databases of past breaches, cybercriminals can match email addresses and identify information between accounts.
For example, if you use the same mobile number for your bank and for Twitter, hackers could use this flaw to find their way to your banking details.
Experts warn that using the same passwords and identification details for social media accounts such as X, formerly Twitter, as you do for more important services such as banking apps could put you at risk of a serious cyber attack.
For this reason, experts warn against disclosing more personal information online than is absolutely necessary.
“Apart from that, users whose data is included in the super-heavy MOAB may fall victim to spearphishing attacks or receive a large number of spam emails.”
If you're concerned that your personal information has been compromised in this breach, the most important thing you should do is update your passwords.
By making sure you don't use the same passwords for multiple accounts, you reduce the risk of one account compromising all your data.
Mr Moore added: 'Those affected will need to change their passwords and be alert to following up on phishing emails, while ensuring all accounts – whether affected or not – are equipped with two-factor authentication .'