In January of 2024, security researcher Bob Dyachenko discovered a supermassive data leak, consisting of an astounding 12 terabytes of information and containing over 26 billion records.
The leak involved many platforms’ user data from popular applications like Venmo, Adobe, LinkedIn, Twitter, Weibo, Tencent, and more, and included credentials as well as other personally identifiable information. The breach rapidly became front page news under the name Mother of All Breaches—or MOAB for short.
The MOAB includes records from thousands of well-organized and reindexed leaks, breaches, and privately sold databases.
Yes and No.
Despite MOAB being a rather impactful headline, whether or not the breach matters is a matter of slight debate, given the vast majority of material was from previous breaches. Known as a “COMB” or compilation of many breaches, the data has likely been available on the dark web for a while. Not many pieces of data were considered newly stolen.
However, every time a breach occurs the collective impact increases. Especially with the amount of password reuse, the (re)selling and redistribution of these details will definitely increase the number of ransomware attacks, spam calls, and phishing emails. Considering some of the other sites involved in the breach—Dropbox and MyFitnessPal were also among those impacted—it’s very likely the affected passwords were being reused across accounts. In turn, this puts a significant number of organizations at risk of Account Takeover.
In essence: consequences will arise and only time will show how far-reaching this MOAB is.
While there was some talk from CyberNews and McAfee about this breach being the biggest in history, “MOAB” is a bit of a misnomer. If discussing newly exposed data, the MOAB isn’t in the running. The “biggest data breach” certainly involves billions of pieces of data, after which it could be argued the scale becomes rather irrelevant. That said, the MOAB is certainly easily considered one of the “biggest in history” given the sheer number of records (re)published at once.
This brings us back to the question of whether or not the MOAB ‘matters’. The real conclusion is that all breaches have an impact—not just the largest ones and certainly not the most publicized ones. Smaller breaches can present an outsized risk because they’re not as socialized, they’re more frequent, and they may be the result of highly targeted attacks.
Whether or not the business in question has been using the sites with credentials leaked in the January 2024 MOAB, the steps to protect customers and employees are the same:
It’s unfortunate, but likely, that the MOAB is the first of many compilation breaches we’ll see in the next few years. While the impact might not be as much of an emergency as data breaches with fresh material, the organization and availability of the data underscore worries in the risk management ecosystem—namely that stolen PII is being widely used for nefarious purposes, and most companies are in no way adequately protected. Now is the right time to take preventative steps to keep your company safe.
AUTHOR
Bronwen Hudson
Bronwen is a technical writer, community manager, and technology enthusiast. When she’s not reading and writing she can be found playing roller derby, talking about roller derby, and thinking about roller derby!
Make detecting and eliminating compromised credentials easy. Start protecting for free.
Try Now