A massive database containing the gains of thousands of data breaches has been found online, amounting to 12TB and comprising over 26 billion records, making it the largest ever discovered.
Cybernews claims to have made the discovery along with Bob Dyachenko, the owner of SecurityDiscovery.com.
The tranche is a compilation of thousands of compiled breaches and privately sold databases, with the owner thought likely to be a threat actor or data broker, who would have an interest in storing and compiling such data in order to profit from it, or possibly a service that works with large datasets.
Popular companies affected
Of all the breached records its contains, those coming from the Chinese messaging app Tencent QQ top the table, with 1.4 billion records. There are also allegedly hundreds of millions of records each pertaining to Weibo, X (FKA Twitter), LinkedIn, Deezer, Adobe, Canva, Dropbox, Telegram, and Daily Motion, to name just a few. Records related to government bodies of the US, Brazil, Germany, and other countries are also featured in the database.
The aggregated data could prove very useful to cybercriminals, who could leverage it to commit identity theft and other cyberattacks, such as phishing and social engineering scams. The data includes sensitive information beyond mere credentials.
If those affected have reused passwords for many services, then attackers may try credential stuffing attacks, where they try to hack multiple services the user has signed up for with the same details.
However, it is also believed that the breaches contained within the database are already known about, with none undisclosed. There are also thought to be many duplicates within the 26 billion records.