Skip to main content

A staggering 26 billion records of leaked, breached, and sold data have emerged on the internet, potentially entangling your personal information in this massive security crisis.

Unearthed by cybersecurity researcher Bob Dyachenko of SecurityDiscovery.com, in collaboration with the Cybernews.com team, Tuesday’s revelations about this colossal collection encompass user logins and personally identifiable information (PII), totaling an astounding 12 terabytes (TB) of data. Cybernews aptly labels it the “mother of all breaches.”

Although researchers currently believe that a significant portion of the data originates from known sources, there is a suspicion that new, unpublished data is likely part of this compilation. Duplicate data is also likely intermingled. To put it in perspective, Cybernews’s own data leak checker contains 15 billion records.

The ramifications of such an extensive public data set, especially one housing sensitive information, are profound. The heightened risk of identity theft looms large, with potential surges in credential-stuffing attacks. In these attacks, malicious actors leverage known passwords and their associated email addresses, attempting them across various online platforms to gain unauthorized access. If individuals reuse or employ similar passwords, attackers could compromise crucial and sensitive accounts.

To ascertain if your data has been compromised, utilize services like Have I Been Pwned and Cybernews’s lookup tool. However, individuals with weak, reused, or unchanged passwords following a breach are particularly vulnerable.

The recommended course of action includes adopting unique, robust, and random passwords for all accounts, especially crucial ones like email, financial, and educational platforms. An additional layer of security can be implemented by leveraging email masks. Password managers provide a convenient means of managing login information, with even free options significantly enhancing online security. In the event of unsolicited requests to verify personal details, exercise caution, and independently verify the legitimacy of the communication with the respective institutions.