Massive collection of breached data with 26 billion records puts majority of internet users at risk

published: Jan. 23, 2024

Take action: Given the volume of data, you can safely assume some of your accounts are in it. While the leaked data set contains mostly data from previous breaches, now it's collected and packaged in a single set and enables attackers to craft more comprehensive attacks, both abusing the passwords in the leak as well as accounts and platforms in social engineering and phishing attacks. Time to activate MFA on EVERYTHING and be very weary of random messages on all channels - email, social media, SMS, and everything in between.


Learn More

Security researchers have uncovered a colossal data breach, dubbed the "Mother of All Breaches" (MOAB), comprising approximately 26 billion records and spanning 12 terabytes. This breach, believed to be the largest to date, was discovered by Security Discovery and CyberNews and consists mainly of compiled records from numerous previous breaches and leaks.

The database, found on an open storage instance, likely created by a malicious actor or data broker, includes data from various platforms such as (the list is not exhaustive):

  • Tencent,
  • Weibo,
  • Twitter,
  • Dropbox,
  • LinkedIn,
  • Adobe,
  • Canva,
  • Telegram,
  • U.S. and other government organizations.
  • MySpace,
  • MyFitnessPal,
  • JD.com

The most affected entity appears to be the Chinese instant messaging app Tencent QQ, with around 1.4 billion records stolen. Moreover, data from various government organizations across multiple countries, including the US, Brazil, Germany, Philippines, and Turkey, is also part of the leak.

The dataset includes usernames and password combinations, heightening the risk of credential stuffing attacks. The leaked records pose significant risks, enabling potential identity theft, phishing schemes, targeted cyberattacks, and unauthorized account access.

Massive collection of breached data with 26 billion records puts majority of internet users at risk