One of the biggest data leaks ever has just been revealed - here's what to do if you've been hit

Image Credit: Shutterstock (Image credit: Shutterstock)

Update 01/25: This article has been updated to reflect the fact that the database could contain new records from undisclosed breaches, not just from those already known about.

A massive database containing the gains of thousands of data breaches has been found online, amounting to 12TB and comprising over 26 billion records, making it the largest ever discovered.

Cybernews claims to have made the discovery along with Bob Dyachenko, the owner of SecurityDiscovery.com.

The tranche is a compilation of thousands of compiled breaches and privately sold databases, with the owner thought likely to be a threat actor or data broker, who would have an interest in storing and compiling such data in order to profit from it, or possibly a service that works with large datasets.

Popular companies affected

Of all the breached records its contains, those coming from the Chinese messaging app Tencent QQ top the table, with 1.4 billion records. There are also allegedly hundreds of millions of records each pertaining to Weibo, X (FKA Twitter), LinkedIn, Deezer, Adobe, Canva, Dropbox, Telegram, and Daily Motion, to name just a few. Records related to government bodies of the US, Brazil, Germany, and other countries are also featured in the database.

The aggregated data could prove very useful to cybercriminals, who could leverage it to commit identity theft and other cyberattacks, such as phishing and social engineering scams. The data includes sensitive information beyond mere credentials.

If those affected have reused passwords for many services, then attackers may try credential stuffing attacks, where they try to hack multiple services the user has signed up for with the same details.

It is believed that the breaches are mostly ones that already known, and there are thought to be many duplicates within the 26 billion records. However, there could also be undisclosed breaches within the database too.

Cybernews has a data leak checker to let users check if their email or phone number may have been compromised as a result of this leak. The website Have I Been Pwned is also a popular resource for checking email account leaks.

MORE FROM TECHRADAR PRO

Need to change your passwords quickly? Using the best password manager can help
Samsung confirms data breach - here's what you need to know
Paramount confirms data breach, user personal data compromised

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, including speakers and headphones, having spent over a decade exploring the murky depths of audio production and PC building. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.