Data breaches are happening with alarming frequency lately, which means it’s increasingly likely your data is out in the wild somewhere. If there’s one place that user data is likely to exist, it’s in a massive data breach pool that was recently discovered by CyberNews and SecurityDiscovery.com. This data pool looks to be a compilation of many major breaches and includes over 26 billion data breach records. That amounts to over 12TB of data, and it includes more than just passwords.
The exact nature of the records is unknown, but there are a few possibilities. The most likely records to be found in this data breach are usernames and passwords. However, it’s possible that other types of information, like credit card information or addresses are included as well. The good news is, the researchers do not suspect that new data is included in the pool. Rather, it’s a major sourcing of pre-existing data breaches. According to the researchers, this suggests that the owner has a “vested interest in storing large amounts of data.”
What’s included in the data breach’s 26 billion records
The research into this data breach was led by Bob Dyachenko, a cybersecurity expert and the owner of SecurityDiscovery.com. Although the team says that no new data leaks are known to be included, that doesn’t mean end users shouldn’t be concerned. “The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks,” the researchers told CyberNews. “Including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts.”
The data breach’s 26 billion records also include information that users probably won’t want getting out. The company or brand with the most leaked records in the data pool was Tencent, a Chinese tech giant, who had 1.5 billion records leaked. Tencent, among other things, operates the Tencent QQ messaging app. Other sites with millions of leaked records include LinkedIn, Deezer, Adobe, and Canva. Some adult sites were also included in the data pool such as 220 million records from AdultFriendFinder.
Besides companies and brands, some data is also stolen from governments, such as the U.S., Brazil, Germany, Philippines, Turkey, and more. But the real concern is that malicious actors could use the stolen data for more widespread identity theft. For example, if you use the same password for LinkedIn as your banking app, you might be in trouble. A potentially-compromised social media site could spiral into a financial disaster quickly.
How to check if your data is in the breach
There’s no clear cut way to know if your data has been breached with absolute certainty. However, there are a few things you can do. There’s a search bar at the bottom of CyberNews’ article that lets you search through every site that was compromised. If you use a site that has been breached, you should change your password just to be safe. You can also visit haveibeenpwned.com and enter your email to see if it has appeared in a data breach. Otherwise, a good rule of thumb is to use strong passwords, different passwords, and change them if you think they’ve been compromised.
No comments:
Post a Comment