Share this article on:
A database containing at least 26 billion leaked records belonging to major organisations, brands and government agencies has been discovered by security researchers.
The data leak, which contains data belonging to major companies, including Twitter, Adobe, LinkedIn and more, is believed to be the biggest of all time, coming to over 12 terabytes – or 26 billion records.
The database was discovered by cyber security researcher and owner of SecurityDiscovery.com Bob Diachenko, and it contains records that had been collated from privately sold databases, previous breaches, leaks and more.
Researchers believe that the owner of the database is unlikely to ever be found but that due to the interest they have in storing such a vast amount of data, they are likely to be a data broker, threat actor, or another group able to work with data at mass.
According to media reports, the list of companies with over 100 million records leaked are:
Prior to the discovery of the latest data base, the previously largest recorded leak contained 3.2 billion records.
While much of this data had already been exposed, the collection is still severely dangerous as it provides threat actors with a one-stop shop for data that they could use to launch attacks.
“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyber attacks, and unauthorised access to personal and sensitive accounts,” said researchers, as reported by Cybernews.
Researchers added that the potential for credential stuffing attacks following the incident is high.
“If users use the same passwords for their Netflix account as they do for their Gmail account, attackers can use this to pivot towards other, more sensitive accounts.
“Apart from that, users whose data has been included in supermassive MOAB may become victims of spear-phishing attacks or receive high levels of spam emails,” the researchers said.
In addition, while duplicate files are likely to have pushed the number up to 26 billion, lots of the exposed data are incredibly sensitive, going further than just credentials.
Chinese multinational technology conglomerate Tencent suffered the worst following the leak, with 1.5 billion records leaked alone, with Weibo far behind at second with a comparatively low 504 million.
Other companies include Daily Motion with 86 million, Dropbox with 69 million, Telegram with 41 million, and many more.
A number of government agencies were also included, according to reports, including Brazil, Germany, Philippines, Turkey, the US and more.