An incredible 26 billion records are reported to have been exposed in what Canadian cybersecurity researchers are labeling a “supermassive leak”. Correspondingly, they are urging people to be vigilant in the wake of this concerning discovery.
According to the organizations CyberNews and Security Discovery, data from social media platforms including LinkedIn, X (formerly known as Twitter), Dropbox and Adobe has been revealed in what the research team is referring to as the “mother of all breaches.”
“I haven’t seen anything like it,” Canada Research Chair in Security and Privacy Natalia Stakhanova stated “It’s a different scale.”
In this moment it is uncertain as to when this information was stolen or who is responsible, however Stakhanova said she would be “very concerned” about any individual who finds their information included in the breach.
The researchers who uncovered the breach speculated that it was compiled by a “malicious actor, data broker, or some service that works with large amounts of data.”
Additionally, user information from the sites Canva, Telegram and the Chinese social media outlets Weibo and Tencent were also included in the data available from breaches.
Researchers suspect the probability of a “high number” of duplicates in the leaked data, which would provide somewhat of an explanation as to the massive number.
“This breach is a collection of previous information that has been leaked out there, where databases have been compromised,” said tech expert Kyle Wilson, calling the amount of information a “wake up call.”
Both he and Stakhanova state that the amount of likely duplication in the information making up the reported 26 billion records is “concerning.”
“It’s possible there are numerous entries for the same username, which is also something to be concerned about because additional information becomes available,” said Stakhanova. “That allows you to build a bigger profile on a user.”
Her advice in this moment is to be on the lookout for phishing scams.
“Users needs to be vigilant about scam calls, unusual emails and messages, unusual social requests,” said Stakhanova.
“Maybe the passwords are not there, or maybe have been changed and cannot be leveraged anymore. But just knowing that this person used this platform with this information — and perhaps, that information has been leaked — can be used in the scam,” she said.
Wilson is calling the breach a “wake-up call” to enact further protection of your information online, and use tools like multi-factor authentication and password managers.
“The number one thing is to not reuse passwords. I know that we’re all guilty of it. It happens. But it is definitely a bad thing to do,” he said.
— with files from globalnews.ca