Is YOUR data safe? As the ‘Mother of all Breaches’ sees 26billion records leaked online, experts reveal how to check if your emails or passwords have been compromised



Cybersecurity reseachers raised the alarm this week after discovering the ‘Mother of all Breaches’ (MOAB).  

With 26billion records leaked online, experts say this is the single biggest data leak in history.

Sensitive records from popular sites including Twitter, Dropbox and Linkedin were discovered on an unsecured site, which experts say could spark a ‘tsunami of cybercrime’.

So, is your data safe? 

Following the news, experts have revealed to MailOnline how to check if your emails or passwords have been compromised. 

The easiest way to see if you have been affected is to use a data breach checker like this one created by Cybernews. The researchers say that they have logged over 70 per cent of the files in the breach and are aiming to have the checker fully updated by the end of the week
Cybersecurity researchers warn that it is almost certain that your personal data has been exposed in the ‘Mother of All Breaches’ which leaked 26billion records onto an unsecured site

READ MORE: Dymocks hack: Customers warned their personal information could have been leaked on the dark web

Yesterday, researchers from Cybernews and Bob Dyachenko, owner of SecurityDiscovery.com, announced that they had uncovered an enormous data breach.

The researchers discovered that 12 terabytes of data had been stored on an open instance, hidden in plain sight on the internet. 

This data included billions of username and password combinations as well as highly sensitive personal data.

The researchers warn that this dataset could be ‘extremely dangerous’ in the hands of criminals. 

The easiest way to check if this includes any of your information is to use a data breach checker such as Cybernews’ data leak checker.

To use this tool, simply enter your mobile number or email address into the search bar and click ‘Check Now’.

Mantas Sasnauskas, head of security research at Cybernews, told MailOnline the team are working to ensure that the tool includes all the records from this new breach. 

Mr Sasnauskas says that more than 70 per cent of records leaked by the MOAB breach have already been registered on the tool. 

Because the MOAB is a combination of historic breaches and new material, only around a third of the leaked data has not been previously released. 

This means that the data leak checker will still probably show whether your data was included in this latest breach.

Mr Sasnauskas and his team are currently sorting through the remaining 30 per cent of new leaks to see which accounts have been compromised. 

If you use any of these sites, then there is a good chance your details have been leaked. While some records are certainly duplicates these sites have each leaked over 100million personal records

If you are particularly concerned about your account with a specific site, Cybernews has also created a searchable list of sites that have been affected.

You might also be able to tell that an account has been breached if you begin to notice suspicious activity on any of your accounts.

Receiving login notifications from any of your accounts that you do not recognise can be an indication that someone has gained access.

However, given the scale of the breach, Mr Sasnauskas warns that you are almost certainly affected. 

He told MailOnline: ‘Probably the majority of the population have been affected.’

Because of the sheer number of records leaked from popular sites like Linkedin, the experts say that the majority of the population will have at least one account compromised by this leak

READ MORE: Genetic testing company 23andMe admits hackers accessed data of more than 6.9 MILLION people

The researchers expect that this breach contains significantly more than 15.5 billion unique password and account combinations from 3,386 different sites – more than 20 of which have released hundreds of millions of records. 

The biggest leak comes from Tencent’s QQ, a popular Chinese messaging app which had 1.5billion records in the breach.

Some of the other biggest leaks came from MySpace (360m), Twitter (281m), Linkedin (251m), and AdultFriendFinder (220m). 

This means that if you are an internet user, it is almost certain that at least one account you use will have been included in the breach. 

Jake Moore, global cybersecurity adviser for ESET, told MailOnline that people should act under the assumption that their accounts have been compromised. 

Experts warn that you should use this opportunity to change your passwords. If you use X, which leaked 281 million records, hackers will be able to gain access to any account that shares the same password

The biggest risk is that hackers can get control of one account and use that to access others owned by the same person.  

Mr Moore told MailOnline: ‘Unfortunately, many people still reuse their favourite passwords across multiple sites which makes this type of beach spread laterally and very quickly indeed. 

‘Therefore, people should take this announcement as an opportunity to make their passwords unique but also to add multi factor authentication to their accounts.’

Mr Moore also warns that even an old account you no longer use being compromised can risk a cascade of more dangerous attacks.

‘Criminals can do an awful lot from accessing accounts where other personal data may reside such as home address or phone number,’ he says. 

Brian Martin, Director of Product Management at Integrity360 says: ‘It’s well-known that threat actors compile private copies of previous breaches to support their malicious activities.’

Mr Martin explains that this breach data is extremely useful for launching ‘phishing, social engineering, and credential stuffing attacks’.

He recommends that organisations and individuals use good cyber hygiene to limit the risk of future attacks. 

This includes resetting passwords, using two factor authentication, and being aware of phishing techniques.

Mr Martin adds: ‘It’s always been the case that the lack of these basic cyber hygiene steps increases your risk, but the risks grows with the availability of such a massive compilation database of information readily available.’

The existence of massive data dumps like this makes the risk of future cyber attacks much greater since criminals are able to use the account information from one leak to break into others

The researchers who discovered the breach say that the person behind it will likely never be identified.

However, Mr Sasnauskas suspects that it might have been created by someone attempting to build a criminal marketplace for private information.

He added: ‘Historically there were such services and they do sometimes pop up.

‘Basically, you could enter anyone’s email address and you would be able to buy the passwords for their accounts for a couple of dollars.’

It is also possible that this could have been compiled by a data broker or other organisation which works with massive amounts of data.

However, Mr Sasnauskas says it was more likely to have been created by a malicious actor. 

HOW TO CHECK IF YOUR EMAIL ADDRESS IS COMPROMISED



Have I Been Pwned?

Cybersecurity expert and Microsoft regional director Tory Hunt runs ‘Have I Been Pwned’.

The website lets you check whether your email has been compromised as part of any of the data breaches that have happened. 

If your email address pops up you should change your password.

Pwned Passwords

To check if your password may have been exposed in a previous data breach, go to the site’s homepage and enter your email address.

The search tool will check it against the details of historical data breaches that made this information publicly visible. 

If your password does pop up, you’re likely at a greater risk of being exposed to hack attacks, fraud and other cybercrimes.

Mr Hunt built the site to help people check whether or not the password they’d like to use was on a list of known breached passwords. 

The site does not store your password next to any personally identifiable data and every password is encrypted

Other Safety Tips

Hunt provides three easy-to-follow steps for better online security. First, he recommends using a password manager, such as 1Password, to create and save unique passwords for each service you use. 

Next, enable two-factor authentication. Lastly, keep abreast of any breaches

Reference

Denial of responsibility! Elite News is an automatic aggregator of Global media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.
DMCA compliant image

Leave a comment