
Tuesday, Jan. 23: In a statement to VPNOverview, a LinkedIn spokesperson said the company is looking into the leak but hasn’t found any indication that its systems have been compromised. “We are working to fully investigate these claims and we have seen no evidence that LinkedIn’s systems were impacted,” the spokesperson said.

Meanwhile, Kaspersky told VPNOverview that it’s not uncommon for “multiple databases to be combined and portrayed as new.”

“These ‘combolists’ can include consolidated information from various previously leaked databases, including passwords and their associated email address. They may even include emails from open sources combined with random passwords from other leaked password databases,” a statement from Kaspersky researchers said.

Researchers say a “supermassive” trove of data found online may be the largest data leak ever. The hoard — 12 terabytes (TB) of data — includes 26 billion individual records.

The collection of mostly “sensitive” data comes from multiple sources, including popular online platforms like Twitter (X), LinkedIn, and Tencent, as well as government records, the researchers said, warning that this data could be “extremely dangerous” in the hands of cybercriminals.

Researchers from Security Discovery and Cybernews found the data in an “open [unlocked] instance.” In total, there were over 3,800 folders in the dataset, with each folder representing a different data breach.

While some of the data has been previously leaked online, the trove also includes “never before seen information.”

The identity of the dataset's owner is unclear at this time. The researchers believe the owner must have “a vested interest in storing large amounts of data” and is either a threat actor, a data broker, or a service that processes large volumes of data.

‘Mother of All Breaches’

The largest number of leaked records — 1.4 billion — comes from Chinese instant messaging app Tencent QQ. Another Chinese app, Weibo, ranks second with 504 million records. The other biggest sources of the leaked data include MySpace (360 million), Twitter (281 million), Deezer (258 million) and LinkedIn (251 million).

AdultFriendFinder, Luxottica, Adobe, Canva, and VK were also listed among the sources of the leaked data. The dataset even includes data from government organizations in the U.S., Brazil, Germany, the Philippines, Turkey, and other nations, the report added.

The breach exposed a range of personal data — not just login credentials like passwords — that threat actors can use to conduct identity theft, phishing, and other targeted attacks. Victims of the breach who use the same login details for other accounts may be susceptible to credential-stuffing attacks.

“If users use the same passwords for their Netflix account as they do for their Gmail account, attackers can use this to pivot towards other, more sensitive accounts,” the researchers explained.

Secure Your Accounts Now

To keep your accounts safe, we recommend changing your passwords right away, particularly if you reuse the same password across different accounts. Also, activate multi-factor authentication across your accounts or consider using passkeys.

Remember, never repeat passwords. You can use a password manager to create and store secure passwords. We’ve tested many password managers, and NordPass ranks number one for security and affordability. It even comes with a data breach scanner that allows you to check if your data has been leaked online.

Read our NordPass review to learn more about this password manager and discover how it performed in our tests.

Concerned your data was exposed in this massive leak? You can search on Cybernews’s data leak checker to see if your privacy is at risk. Other platforms, like Have I Been Pwned, also allow you to check if your passwords or emails have been leaked online.
