Is YOUR data safe? As the ‘Mother of all Breaches’ sees 26billion records leaked online, experts reveal how to check if your emails or passwords have been compromised

Cybersecurity researchers raised the alarm this week after discovering the ‘Mother of all Baches’ (MOAB).

With 26 billion records leaked online, experts say this is the largest data breach in history.

Sensitive data from popular sites such as Twitter, Dropbox and Linkedin was discovered on an unsecured site, which experts say could trigger a ‘tsunami of cybercrime’.

So, is your data safe?

Following the news, experts revealed to MailOnline how to check if your emails or passwords have been compromised.

The easiest way to see if you’ve been affected is to use a data breach checker, like this one created by Cybernews. The researchers say they have logged more than 70 percent of the files in the breach and aim to have the checker fully updated by the end of the week.

Cybersecurity researchers warn it’s almost certain your personal data was exposed in the ‘Mother of All Breach’, where 26 billion data was leaked to an unsecured site

Yesterday, researchers from Cybernews and Bob Dyachenko, owner of SecurityDiscovery.com, announced that they had discovered a massive data breach.

The researchers discovered that 12 terabytes of data were stored on an open copy, hidden in plain sight on the Internet.

This data includes billions of username and password combinations, as well as highly sensitive personal data.

The researchers warn that this dataset could be ‘extremely dangerous’ in the hands of criminals.

The easiest way to check if this contains your data is to use a data breach checker such as Cybernews’ data breach check.

To use this tool, simply enter your mobile number or email address in the search bar and click ‘Check Now’.

Mantas Sasnauskas, head of security research at Cybernews, told MailOnline that the team is working to ensure the tool contains all the data from this new breach.

Mr. Sasnauskas says that more than 70 percent of the data leaked by the MOAB breach is already recorded on the tool.

Because the MOAB is a combination of historical breaches and new material, only about a third of the leaked data has not been previously released.

This means that the data breach checker will probably still show whether your data was involved in this latest leak.

Mr. Sasnauskas and his team are currently sifting through the remaining 30 percent of new leaks to see which accounts have been compromised.

If you’re using one of these sites, there’s a good chance your data has been leaked. While some of the data is certainly duplicate, these sites have each leaked more than 100 million personal details

If you’re particularly concerned about your account with a specific site, Cybernews also has a searchable list of affected sites.

You may also be able to determine that an account has been compromised if you notice suspicious activity on one of your accounts.

Receiving login notifications from one of your accounts that you don’t recognize could be an indication that someone has gained access.

However, given the scale of the breach, Mr Sasnauskas warns that you will almost certainly be affected.

He told MailOnline: ‘Probably the majority of the population has been affected.’

Due to the sheer amount of data leaked from popular sites like Linkedin, the experts say that the majority of the population will have at least one account affected by this leak.

Researchers expect this breach to include significantly more than 15.5 billion unique password and account combinations from 3,386 different sites – more than 20 of which exposed hundreds of millions of records.

The biggest leak comes from Tencent’s QQ, a popular Chinese messaging app that contained 1.5 billion records.

Some of the other biggest leaks came from MySpace (360 million), Twitter (281 million), Linkedin (251 million), and AdultFriendFinder (220 million).

This means that if you are an internet user, it is almost certain that at least one account you use is involved in the breach.

Jake Moore, global cybersecurity advisor for ESET, told MailOnline that people should act on the assumption that their accounts have been compromised.

Experts warn that you should take this opportunity to change your passwords. If you use X, which has leaked 281 million records, hackers can gain access to any account that shares the same password

The biggest risk is that hackers can gain control of one account and use it to gain access to other accounts owned by the same person.

Mr Moore told MailOnline: ‘Unfortunately many people are still reusing their favorite passwords across multiple sites, causing this type of strand to spread laterally and very quickly.

“That’s why people should use this announcement as an opportunity to make their passwords unique, as well as add multi-factor authentication to their accounts.”

Mr Moore also warns that even an old account you no longer use if it is compromised could be at risk of a range of more dangerous attacks.

“Criminals can do a lot by gaining access to accounts that may contain other personal information, such as home address or phone number,” he says.

Brian Martin, Director of Product Management at Integrity360 said: “Threat actors are known to compile private copies of previous breaches to support their malicious activities.”

Mr. Martin explains that this breach data is extremely useful for launching “phishing, social engineering and credential stuffing attacks.”

He recommends that organizations and individuals practice good cyber hygiene to limit the risk of future attacks.

This includes resetting passwords, using two-factor authentication, and being aware of phishing techniques.

Mr Martin added: ‘It has always been the case that not having these basic cyber hygiene steps increases your risk, but the risks become greater with the availability of such a huge aggregate database of readily available information.’

The existence of these types of massive data dumps makes the risk of future cyber attacks much higher, as criminals can use the account information from one breach to break into others

The investigators who discovered the breach say the person behind it will likely never be identified.

However, Mr. Sasnauskas suspects that it was made possible by someone trying to set up a criminal marketplace for private information.

He added: ‘Historically there have been such services and sometimes they pop up.

“Basically you could enter anyone’s email address and buy the passwords for their accounts for a few dollars.”

It is also possible that this has been put together by a data broker or other organization that works with large amounts of data.

However, Mr Sasnauskas said it was more likely that it was created by a malicious actor.

HOW TO CHECK IF YOUR EMAIL ADDRESS HAS BEEN COMPROMISED

Am I pwned?

Cybersecurity expert and Microsoft regional director Tory Hunt leads ‘Am I pwned’.

The website allows you to check if your email has been compromised as part of any of the data breaches that have occurred.

If your email address appears, you will need to change your password.

Pwned passwords

To check whether your password may have been exposed in a previous data breach, go to the site’s homepage and enter your email address.

The search tool compares this to the details of historical data breaches that have made this information publicly visible.

If your password does appear, you are likely at greater risk of being exposed to hacking attacks, fraud, and other cybercrime.

Mr Hunt built the site to help people check whether or not the password they want to use is on a list of known hacked passwords.

The site does not store your password alongside any personally identifiable information and each password is encrypted

Other safety tips

Hunt offers three easy-to-follow steps for better online security. First, he recommends using a password manager, such as 1Password, to create and store unique passwords for each service you use.

Then enable two-factor authentication. Finally, stay informed of any breaches

Related Post