26 Billion Records Released in “The mother of all breaches”

Security researchers have discovered a massive data breach containing more than 26 billion records — a hacker’s trove of records compiled from LinkedIn, Twitter, Adobe, and thousands of other organizations. Likely the largest of its kind, researchers have dubbed it MOAB or the “Mother of All Breaches.”

With billions of pieces of personal info compromised, you can count on one thing here for sure. Bad actors out there will surely take advantage of this windfall. We’ll share the immediate steps you can take to stay safe.

How big is the MOAB breach?

Just to get a sense of the breach’s scope, the newly discovered database contains over 3,800 folders, each containing records from an individual data breach. As such, it seems that these breached records were compiled over time to create this database.

Within that list of 3,800 folders, it includes major brands and entities such as Twitter/X (281 million records), LinkedIn (251 million records), Evite (179 million records), and Adobe (153 million records). Leading the way with breached records is Tencent, with 1.5 billion records exposed.

Researchers also discovered that the leak contains records from government organizations in the US, Brazil, Germany, Philippines, Turkey, and other countries.

To date, no group has stepped forward to claim responsibility for this massive compilation of breached info. Researchers speculate that it could be a “malicious actor, data broker, or some service that works with large amounts of data.”

What can I do to protect myself in the wake of the MOAB breach?

Given the scale of the breach, your best bet is to act like your data was caught up in it.

This breach truly is a treasure trove for hackers and scammers. With the info contained in it, they can launch follow-on attacks. Like identity theft, phishing attempts, and password-stuffing attacks often follow in the wake of breaches. And indeed, this is a massive breach.

We can’t stress enough that acting now is super important.

 

 

Immediate steps include:

Change your passwords and use a password manager.

Changing passwords now is a must. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly might make a stolen password worthless because it’s out of date.

Enable two-factor authentication.

While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it.

Consider using identity monitoring, particularly for the dark web.

An identity monitoring service can monitor everything from email addresses to IDs and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft.​ Personal info harvested from data breaches can end up on dark web marketplaces where other bad actors buy it for their own attacks. Ours monitors the dark web for your personal info and provides early notifications if your data is found on there, an average of 10 months ahead of similar services.​ We also provide guidance to help you act if your info is found.

Check your credit, consider a security freeze, and get ID theft protection.

When personal info gets released, there’s a chance that a hacker, scammer, or thief will put it to use. This might include committing fraud, where they draw funds from existing accounts, and theft, where they create new accounts in a victim’s name.

With that, strongly consider taking preventive measures now. Checking your credit, putting a security freeze in place, and getting theft protection can help keep you safe in the wake of a breach. You can get all three in place with our McAfee+ Advanced or Ultimate plans. Features include:

Credit monitoring keeps an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.

Security freeze protects you proactively by stopping unauthorized access to existing credit card, bank, and utility accounts or from new ones being opened in your name. And it won’t affect your credit score.

ID Theft & Restoration Coverage gives you $2 million in identity theft coverage and identity restoration support if determined you’re a victim of identity theft.​ This way, you can cover losses and repair your credit and identity with a licensed recovery expert.

Also consider using comprehensive online protection.

A complete suite of online protection software can offer layers of extra security. In addition to password management and identity theft protection, it includes AI-powered scam detection that can spot scam texts, emails, and links on social media that otherwise look legit. If you accidentally tap or click on a sketchy link? Don’t worry, it can block those links from taking you to risky sites too. In all, online protection software offers you a broad range of defenses and preventative measures any time data breaches occur. Even breaches the size of the MOAB breach.

Introducing McAfee+ Ultimate

We’ll monitor the dark web for your personal info, including email, government IDs, credit card and bank account numbers, and more. We’ll help keep your personal info safe, with early alerts if your data is found on the dark web, an average of 10 months ahead of similar services.​