In what’s almost certainly the biggest data leak ever discovered, a reported 26 billion records have been hit by a data breach this week.
Making up an eye-watering 13 terabytes of information, the breach is said to contain thousands of compiled and reindexed leaks, breaches, and privately sold databases, and includes user data from platforms such as LinkedIn, Twitter/X, and Dropbox.
This data breach far outweighs anything we’ve ever seen before, but we’ve got everything you need to know so far, along with how to check if your information has been compromised.
What We Know So Far About the Breach
The data breach was first flagged by cybersecurity researcher and owner of SecurityDiscovery.com, Bob Dyachenko, as well as the cybersecurity researchers from Cybernews.com.
According to both, the leaked dataset contains 26 billion records across 3,800 folders, with each folder relating to an individual data breach. While the leak mostly contains information from past data breaches, as well as duplicates, it’s important to note that it will almost certainly include new data too.
🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this special tech.co offer.
The owner of the breach is unlikely to be identified however. Researchers believe those behind it will have a vested interest in storing large amounts of data and could therefore be a data broker or malicious actor, who could use the sensitive information for a wide range of attacks, such as phishing scams and identity theft.
According to Dyachenko and the Cybernews team, the consumer impact of the breach could be “unprecedented”.
Who’s Been Affected?
The company most affected by this data breach is Tencent, the Chinese multinational conglomerate that operates social networks such as WeChat, as well as mobile games, payment systems, and web portals. It has seen 1.5 billion records leaked.
As well as this, the most prominent companies affected are detailed below, along with the number of records leaked*:
- Weibo – 504 million
- MySpace – 360 million
- Twitter/X – 281 million
- Wattpad – 271 million
- Deezer – 258 million
- LinkedIn – 251 million
- AdultFriendFinder – 220 million
- Adobe – 153 million
- MyFitnessPal – 151 million
- Canva – 143 million
- Daily Motion – 86 million
- Dropbox – 69 million
- Telegram – 41 million
*information correct at the time of writing.
The leak also includes records from various government organizations across the U.S., Brazil, Germany, and Philippines, as well as other countries.
How To Check If Your Data Has Been Compromised
To check if your data has been swept up in the breach, head to Cybernews’ Personal Data Leak Checker. Here you simply need to enter your email address, phone number, or related personal information to see if it has been compromised.
If so, it’s recommended that you immediately change the password for any account that has been affected, and enable two-factor authentication.
Cybernews researchers stated: “If users use the same passwords for their Netflix account as they do for their Gmail account, attackers can use this to pivot towards other, more sensitive accounts”.
Even if you haven’t been affected, it’s still worthwhile taking a look at the security of your login credentials and maintaining good cyber hygiene. This includes:
- Using strong, hard-to-guess passwords
- Storing passwords in a secure vault or password manager
- Enabling multi-factor authentication
- Checking for and changing any accounts that share the same password.
