Sunday, March 3, 2024

26 billion accounts and records were stolen, it was revealed

One of the largest known data breaches could compromise billions of accounts worldwide. Dubbed the ‘mother of all data breaches’, it contained more than 26 billion stolen account records across thousands of websites, services, companies, and government organizations. There are more than 12 terabytes of information that includes both compilations of previous leaks and private databases for sale as well as new information distributed in 3,800 folders, each corresponding to a variety of security breaches.

According to the group of cybersecurity researchers formed by Bob Dyachenko of SecurityDiscovery.com and members of Cybernews, the media that discovered it, the information was found in ‘an open opportunity’ whose owner is unlikely to recognize it. In comparison, the Cybernews database containing all known major leaks compiles between 2.5 and 15 billion records, so they consider it almost a certainty that the new discovery has new data never seen before.

‘The data set is very dangerous, as threat actors can use the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and confidential accounts,’, say the researchers.

The leaked information does not only correspond to access credentials to sites such as Twitter, LinkedIn, Telegram, Canva, Adobe, etc., or government organizations from the United States, Germany, Brazil, and other countries. Cybernews only determined that this was also confidential data and therefore valuable to cybercriminals.

Tencent QQ, a popular messaging app in China, has the highest number of registrations, with 1.4 billion. Other services highlighted in the leak are Weibo (504 million), MySpace (360), Twitter (281), Deezer (258), Linkedin (251), AdultFriendFinder (220), Adobe (153), Canva (143), Badoo (127), VK (101), DailyMotion (86), Dropbox (69), and Telegram (41). And this is just a small sample.

A risk that these types of leaks exist, even if they are compilations of already-known leaks and do not present new data, is that they can be exploited by malicious actors for a wave of credential attacks. This is when an attacker uses leaked credentials to attempt to automatically access accounts on other websites, relying on the fact that affected individuals may have used the same username and password combination multiple times. places.

‘If users use the same passwords for their Netflix account as they do for their Gmail account, attackers can use them to pivot to other, more sensitive accounts. In addition to that, users whose data is included in a supermassive breach can become victims of spear-phishing attacks (a phishing attack aimed at a specific person or group) or receive a high level of spam,’ the researchers explained.

Cybernews is in the process of incorporating the information into its leak database to verify which credentials were affected.

World Nation News Desk
World Nation News Deskhttps://worldnationnews.com/
World Nation News is a digital news portal website. Which provides important and latest breaking news updates to our audience in an effective and efficient ways, like world’s top stories, entertainment, sports, technology and much more news.
Latest news
Related news