Why the ‘mother of all breaches’ is a wake-up call for everyone


A massive 26 billion-record data leak known as the ‘mother of all breaches’ has been released en masse by an unknown source, prompting advice for users globally to change login credentials for several services.

The leak, discovered by cybersecurity researcher Bob Dyachenko and released through Cybernews, casts its net far and wide, revealing data from Tencent, Twitter, Deezer, Dropbox, and LinkedIn, to name a few.

Tencent tops the chart, with 1.5 billion records leaked, followed by Weibo at 504 million and MySpace at 360 million.

According to researchers, the huge database is comprised of reindexed leaks, breaches, and privately sold databases, drawing stark attention to the wealth of data available to threat actors.

Erfan Shadabi, cyber security expert at comforte AG, said the potential impact of the data leak could be “unprecedented”, and warned that the incident could prompt a wave of credential-stuffing attacks.

“This threat is particularly potent due to the widespread practice of username and password reuse,” Shadabi said.

“In light of this, organizations must recognize the urgency of implementing comprehensive data protection strategies to mitigate the fallout from such breaches.”

The ‘mother of all breaches’ shines a light on our digital footprints

Arctic Wolf CISO Adam Marrè said the sheer scale of the data leak should act as a wake-up call for individuals and businesses alike worldwide.

“This is a good time to remember that many of the online tools and platforms we use get breached and either leak or lose our information,” he said.

“Threat actors hold onto this data forever, and even add to it, as evidenced by this trove of information,” Marrè added. “Now, more than ever, we need to have good security practices in the face of this reality.”

The digital age has created, among other things, a world in which the average person will leave a digital footprint, likely a large one, in the form of reams of personal data and account details.

With cyber attacks and data breaches having increased rapidly in recent months, one security expert said it’s easy to forget where this data often ends up in the wake of an incident.

“The predominant focus tends to be on the technical aspects of an attack – how it infiltrated, its path, and the removal of the attack code,” Greg Day, SVP and global field CISO at Cybereason, told ITPro.

“Unfortunately, the crucial human element is frequently overlooked,” he added.

“Questions surrounding the actions of the adversary, such as the creation of new accounts, theft of user accounts, or the manipulation of data from the compromised business, often go unexplored.”

This recent leak reminds users that data never disappears, and leaked data is no exception.

How victims can protect themselves after the ‘mother of all breaches’ 

Key steps to mitigate the potential risks associated with the breach include making immediate changes to account security and changing login credentials, researchers said. 

“Victims need to be aware of the consequences of stolen passwords and make the necessary security updates in response,” said Jake Moore, global cybersecurity advisor at ESET.

“This includes changing their passwords, being alert to phishing emails following the breach, and ensuring all accounts, whether affected or not, are equipped with two-factor authentication,” he added.

Marrè echoed this sentiment on two-factor authentication, adding that regularly checking whether your email has been affected by a data breach is also important, as well as using a password manager for complex and non-reused passwords.

George Fitzmaurice
Staff Writer