Update 01/25: This article has been updated to reflect the fact that the database could contain new records from undisclosed breaches, not just from those already known about.
A massive database containing the gains of thousands of data breaches has been found online, amounting to 12TB and comprising over 26 billion records, making it the largest ever discovered.
Cybernews claims to have made the discovery along with Bob Dyachenko, the owner of SecurityDiscovery.com.
The tranche is a compilation of thousands of compiled breaches and privately sold databases, with the owner thought likely to be a threat actor or data broker, who would have an interest in storing and compiling such data in order to profit from it, or possibly a service that works with large datasets.
Popular companies affected
Of all the breached records its contains, those coming from the Chinese messaging app Tencent QQ top the table, with 1.4 billion records. There are also allegedly hundreds of millions of records each pertaining to Weibo, X (FKA Twitter), LinkedIn, Deezer, Adobe, Canva, Dropbox, Telegram, and Daily Motion, to name just a few. Records related to government bodies of the US, Brazil, Germany, and other countries are also featured in the database.
The aggregated data could prove very useful to cybercriminals, who could leverage it to commit identity theft and other cyberattacks, such as phishing and social engineering scams. The data includes sensitive information beyond mere credentials.
If those affected have reused passwords for many services, then attackers may try credential stuffing attacks, where they try to hack multiple services the user has signed up for with the same details.
It is believed that the breaches are mostly ones that already known, and there are thought to be many duplicates within the 26 billion records. However, there could also be undisclosed breaches within the database too.
Cybernews has a data leak checker to let users check if their email or phone number may have been compromised as a result of this leak. The website Have I Been Pwned is also a popular resource for checking email account leaks.
MORE FROM TECHRADAR PRO
- Need to change your passwords quickly? Using the best password manager can help
- Samsung confirms data breach - here's what you need to know
- Paramount confirms data breach, user personal data compromised
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Lewis Maddison is a Staff Writer at TechRadar Pro. His area of expertise is online security and protection, which includes tools and software such as password managers.
His coverage also focuses on the usage habits of technology in both personal and professional settings - particularly its relation to social and cultural issues - and revels in uncovering stories that might not otherwise see the light of day.
He has a BA in Philosophy from the University of London, with a year spent studying abroad in the sunny climes of Malta.