Mother of all leaks: 26 billion records from all corners of the web were made publicly available

[Brother]

The largest amount of data in history can become a weapon of mass destruction in the right hands.

Cybernews specialists led by cybersecurity researcher Bob Dyachenko identified a huge data leak, called the "Mother of all Breaches" (MOAB) and consisting of 12 TB of information and more than 26 billion rubles. records. This is a record volume, covering data from thousands of previous leaks, reindexed and carefully collected.

The danger of a leak lies not only in its scale, but also in its content. The information includes data from many private databases, which makes it impossible to identify the owner of the data. The leak contains not only standard credentials, but also extremely sensitive information, making it especially valuable for attackers.

Among the data is a huge number of records from previous leaks. For example, the largest volume of records, 1.4 billion, users of the Chinese messenger Tencent QQ. Also in the leak there are hundreds of millions of records from companies such as Weibo, MySpace, X*, Deezer, LinkedIn, AdultFriendFinder, Adobe, Canva, VK, Daily Motion, Dropbox, Telegram and others. In addition, the leak affected the records of various government organizations in the United States, Brazil, Germany, the Philippines, Turkey, etc.

The researchers emphasize that the consequences for users can be unprecedented. Many people use the same passwords for different accounts, which can lead to large-scale attacks on accounts. In addition, users whose data is exposed to MOAB may become victims of targeted phishing attacks or spam.

DarkBeam, a digital risk protection company, suffered a massive data breach last year, leaving its Elasticsearch and Kibana interfaces unprotected. As a result, 3.8 billion records with email addresses and passwords of users from previously public and even unknown security breaches were disclosed. For comparison, this leak represents 14.6% of the MOAB data volume, which indicates the record scale of the current leak.

 

[Carding Forum]

Following MOAB (the" Mother of All Leaks") with 12 TB and $ 26 billion. now another huge leak RockYou2024 has rolled up, including 10 billion passwords, becoming the largest collection of its kind.

A collection of a staggering 9,948,575,739 unique text passwords was discovered by Cybernews researchers on July 4 on the popular ObamaCare hacker forum.

Resercers compared passwords from the RockYou2024 leak with data from the Leaked Password Checker from Cybernews, the results showed that they were obtained from both old and new data leaks.

In fact, RockYou2024 is a collection of real passwords used by people around the world, maximizing the risks of attacks with substitution of credentials, as in the case of Snowflake, Santander, Ticketmaster, Advance Auto Parts, QuoteWizard, etc.

Moreover, as the researchers found out, the new RockYou2024 is based on the three-year selection of RockYou2021, which at one time was also the largest, included 8.4 billion passwords in plain text and was an extension of the same one from 2009.

The author of RockYou2024 actually enriched the previous one, adding another 1.5 billion passwords from 2021 to 2024 from new leaks and thereby increasing the data set by 15 percent.

Thus, the latest version of RockYou contains information gathered from more than 4,000 databases over more than two decades.

Cybernews believes that in combination with the darknet-infested leaks that, for example, contain email addresses and other credentials, RockYou2024 may contribute to a cascade of such leaks and related targeted attacks.