Mother of all data breaches — how South Africans can protect themselves
Cybernews and security researcher Bob Dyachenko from SecurityDiscovery revealed this week that they discovered a trove of data containing 26 billion records across 12 terabytes of files on the open Internet.
According to the report, while there is likely some new data in the leak, it appears to be mostly old data — a compilation of previous data breaches, reindexed leaks, and privately sold databases.
However, it is by far the largest of its sort, with Cybernews dubbing it the “Mother of all Breaches”.
While security researchers identified over 26 billion records, they noted that duplicates are highly likely.
However, they also said the leaked data contains more than just credentials.
“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorised access to personal and sensitive accounts,” the researchers stated.
Cybernews provided a list of companies with over 100 million records in the dataset.
The service with the most accounts in the leak was Tencent’s QQ instant messaging app, with 1.4 billion records.
Chinese microblogging platform Weibo came second with 504 million exposed records, followed by defunct social network MySpace with 360 million records.
Others include Deezer (258m), LinkedIn (251m), AdultFriendFinder (220m), and Adobe (153m).
Cybernews also mentioned Dropbox (69m) and Telegram (41m).
In addition to providing a data leak checker, Cybernews posted a list of 3,875 domains contained in the leak.
There were 11 domains ending in .za, and some non-ZA domains South Africans may find of interest.
These include 4x4community.com (which redirects to a .co.za-hosted forum), sagamer.co.za, and everyshop.co.za.
It should be noted that the old SAGamer forum was shut down when Raru went out of business in November 2022.
Members of the community managed to secure the domain and launched a new forum under new management in July 2023.
The Everyshop leak is also not new, with details reported in June 2023.
Cybernews’ MOAB is the second massive personal data security issue reported in the past two weeks.
Last week, HaveIBeenPwned disclosed details about the Naz.API credential stuffing list that exposed usernames and passwords for 70,840,771 unique emails.
According to HaveIBeenPwned founder Troy Hunt, the dataset spanned 319 files, totalling 104GB.
Taking a random sample, they found that nearly 35% of the email addresses in the dataset had never been seen before.
While significantly smaller than Cybernews’ “Mother of all Breaches”, Naz.API is potentially much more dangerous as it includes credentials from password stealers — malware that has grabbed credentials from compromised machines.
Some good news was that Hunt found that some of the data in Naz.API was incredibly old.
People who practised good password hygiene may therefore be less exposed.
However, those who have used weak passwords across multiple services could be vulnerable.
To check if any of your passwords have been compromised, HaveIBeenPwned operates a sister service called Pwned Passwords.
Security researchers and organisations like the South African Banking Risk Information Centre (Sabric) have provided general advice for people to follow in the wake of major data security incidents like these.
This advice boils down to remaining vigilant for phishing attacks, practising good password hygiene, and using two-factor authentication where possible.
Sabric has also previously provided the following specific recommendations:
- Do not disclose personal information such as passwords and PINs when asked to do so by anyone via phone, fax, text messages or even email.
- Change your passwords regularly and never share these with anyone else.
- Verify all requests for personal information and only provide it when there is a legitimate reason to do so.
- Perform frequent anti-virus and malware scans on your personal computer and mobile device, using software that is up to date.
- Do not click on any suspicious links.