The leak of 26 billion records garnered widespread attention, earning it the title “mother of all breaches” (MOAB). Bob Diachenko, co-founder and director of cyber threat intelligence at SecurityDiscovery, a cybersecurity news and consulting services company, and the team at Cybernews first discovered the leak.
How did this staggering number of records get exposed? What should CIOs, CISOs, and other security leaders know about MOAB?
The breach
The 26 billion records involved in this breach may include data from past breaches as well as new data that has not previously been made public. As reported by Cybernews, this dataset includes breaches, reindexed leaks, and privately sold databases.
The ownership of the dataset was initially unknown, but Leak-Lookup has since come forward. The data breach search engine posted on X that the breach resulted from a misconfigured firewall, which was fixed. The next day, it posted an update sharing that the initial access, dating back to December, was obtained due to a server misconfiguration.
SecurityDiscovery regularly analyzes data from search engines. “We pay particular attention to NoSQL databases and Elasticsearch instances that are misconfigured,” Diachenko tells InformationWeek. “We analyze them based on size, keywords, and other data that may lead to the discovery of sensitive data that should not be made public.”
MOAB contains a total of 4,145 datasets. Of these datasets, 1,448 contain more than 100,000 records, according to the latest information Diachenko shared on X.
“Of course, most or some of them definitely overlap, but it’s still mind-boggling to have such a thoroughly structured collection under one roof,” Diachenko says.
MOAB contains leaked data from companies such as LinkedIn, Adobe, Dropbox, Telegram, and X. According to Cybernews, the leaked data also includes records from government agencies in the United States and other countries.
Potential impact
Information released in MOAB can be weaponized for future attacks. “A lot of malware, a lot of information thieves collect passwords, credit card information, bank account information, or whatever falls into a data breach, like MOAB,” says John Hammond, principal security researcher at Huntress, a managed cybersecurity platform.
The sheer amount of data leaked by MOAB could make it easier for attackers to conduct more convincing social engineering attacks. “They know you so much better now,” says Lisa Plaggemier, executive director of the National Cyber Security Alliance, a cybersecurity awareness and education nonprofit. “This makes phishing emails and text messages sound incredibly convincing.”
That ability could be further enhanced by rapid improvements in deepfakes, according to Plaggemier. “It’s very difficult to tell the difference between audio and video,” she says. “When you combine this with all the information in this breach, we think it will improve the quality of social engineering attacks.”
Security teams should consider whether corporate data or customer data has been exposed in MOAB. Even if your organization’s information captured by MOAB is from a previous breach, it’s a good idea to consider the potential risks.
Crystal Morin, cybersecurity strategist at cloud security company Sysdig, recommends communicating with end users. “It never hurts to send a message with a friendly reminder, ‘Hey, what do you think?’ The incident that led to this whole breach occurred and previously exposed data resurfaced.”
It is also important to consider how past breaches occurred. “Confirm that these vulnerabilities and misconfigurations that were exploited over a year ago have actually been mitigated and are no longer an issue,” Morin said.
MOAB serves as a warning for organizations to assess their security and be proactive in preventing future breaches.
“If we’re part of this leak, let’s change our passwords,” Hammond said. “Let’s board up the windows, let’s play the best offense we can, and let’s be better so this doesn’t happen in the future. [It’s a] doing repeatedly. It will inevitably happen.”
Prepare for further breaches
Sites like Have I Been Pwned can help individuals determine whether their information has been compromised in a breach, but with MOAB and other breaches certain to occur, it is likely safe to assume a breach.
“I think the days of trying to see if you’re affected are over,” Plaggemier said. “I think you have to assume that all of your information is out there and stored in databases that are owned by bad actors or state actors.”
Operating in a world where the risk of a breach is ever-present requires companies to double down on their cybersecurity hygiene. Enforcing strong password habits, implementing multi-factor authentication, and regular patching are important tools to reduce the risk of a breach. As social engineering attacks continue to increase in volume and sophistication, it is also important to educate your employees, customers, and third parties about the risks of social engineering.
“Many of us believe that data is the lifeblood of business, and cybercrime is no exception. Everything we do with data in the legitimate world, cybercriminals also do with theirs. We have to remember that we are doing this with data from around the world,” Plaggemier says.
Although MOAB gained attention for its massive record leak, it doesn’t necessarily hold that title. “I still think there are bigger collections out there,” Diachenko says. Another leak could become the new MOAB in the future.