Month: January 2024

A supermassive database of 26 billion leaked records has been discovered, in what has been called the “Mother of all Breaches” (“MOAB” for short). The massive 12 Terabyte leak was discovered by cybersecurity researcher Bob Dyachenko, working alongside the team at Cybernews. The owner of the open database instance is unlikely ever to be identified. The data contains both credentials and sensitive data.

A quick run through the data tree reveals that the largest number of records, 1.4 billion, comes from Tencent QQ, a Chinese instant messaging app. Next, there are supposedly hundreds of millions of records from Weibo (504M), MySpace (360M), Twitter (281M), Deezer (258M), Linkedin (251M), AdultFriendFinder (220M), Adobe (153M), Canva (143M), VK (101M), Daily Motion (86M), Dropbox (69M), Telegram (41M), and many other companies and organizations.

The leak also includes records of various government organizations in the US, Brazil, Germany, Philippines, Turkey, and other countries.

Cybernews is offering a data leak checker to include information from the MOAB, which will allow users to see whether their data was included in the largest known data leak. Meanwhile, users are strongly advised to stay vigilant and take care of their cyber hygiene.

Read more about it here.

The private data of hundreds of millions of Brazilians were publicly accessible to threat actors, putting many people at risk.

Researchers revealed a publicly accessible Elasticsearch instance, a commonly used tool for the search, analysis, and visualization of large volumes of data, which contained a large amount of private data belonging to Brazilian individuals.

The leaked data contained full names, dates of birth, sex, and Cadastro de Pessoas Físicas (CPF) numbers (Brazilian taxpayer ID).

Over 223 million records were leaked, and it is unknown for how long.

Read more about it here.

Texas-based mortgage and loan company Mr. Cooper has disclosed that almost 14.7 million people’s private information, including addresses and bank account numbers, were stolen in an earlier IT security breach.

In a filing with Maine’s attorney general’s office, Mr. Cooper said the hackers stole customer names, addresses, dates of birth and phone numbers, as well as customer Social Security Numbers and bank account numbers.

The number of affected victims is significantly higher than the 4 million existing customers that Mr. Cooper claims on its website, likely because the company stores historical data on mortgage holders. Mr. Cooper had acquired Nationstar Mortgage LLC, Centex Home Equity, and sister brands RightPath Servicing, Rushmore Servicing, Greenlight Financial Services, and Champion Mortgage.

The company refused to provide further detail about the cyberattack that hit its systems.

This is expected to cost the business at least $25 million to clean up for providing identity protection services for two years.

Read more about it here.