44
votes
Twenty-six billion records exposed in massive leak, including data from Linkedin, X, Dropbox
Link information
This data is scraped automatically and may be incorrect.
- Title
- Massive leak exposes 26 billion records in mother of all breaches
- Authors
- Rob Thubron
- Published
- Jan 24 2024
- Word count
- 369 words
That explains the spike in "verify your account" emails I've gotten over the last few days.
I wonder what IS new here.
Also, AdultFriendFinder with 220 million records? What?
Ahh, is this a throwback to the whole Ashley Madison thing where the email addresses of everyone who signed up for that site looking to have an affair were leaked. I'm curious how many divorces that caused.
Half of those must be bot accounts though right?
No way, at least 75%
I'm always a bit confused about how in practice these leaks happen. The article says researchers "discovered" a database of leaked information. Does this mean the database is just sitting on the net somewhere accessible to the public? Who actually puts these databases online and why would they do that? How do you 'discover' a database?
Yeah, pretty much.
Some hackers just breach a system, steal the data, and quietly upload it somewhere without much fanfare. I assume they either do it for enjoyment, revenge (on the breached entity) or just to fulfill a personal purpose, whatever that is.
It's more common for hackers to ask for a ransom/price and they usually will scream it from the rooftops so the entire scene hears about it (and the security researchers too).
As for how do people discover these databases, probably web crawling/scraping.
The podcast Darknet Diaries has quite a few episodes about leaks and would be a great resource if this is something you'd want to learn more about.
A lot of leaks happen because companies don't properly secure how their websites process user inputs. So sometimes users can put actual SQL queries (the language most databases talk in) into inputs like the user name or password fields. A lot of leaks have happened because the website backend isn't verifying what the user inputs and once that like gets submitted it processes it as a command and can return data from the database!
Sometimes leaks happen because of disgruntled employees who dump the data internally and then try to sell it. A lot of the stories I've heard are related to people who hunt for website weaknesses for fun and once they find one they try to get as much as they can for the fun of it.
A great practical (beginner-friendly) demonstration of this has been done on the Computerphile channel quite a while ago, but still holds up nicely:
https://youtu.be/ciNHn38EyRc
I was thinking of Little Bobby Tables myself.
Very true (reference for the uninitiated), however, outright deleted company data typically doesn’t make for a very compelling argument for ransom-demanding hackers anymore ;)
Things like this always concern me, not for me personally as I use a password manager and 2FA for everything; but I have so many friends and family members who use the same email and password for everything.
I wish more basic cyber security was taught to people. You can prevent things like identity fraud with just some simple changes like using 2FA or a password manager but most people don't know or care.
From what I've read with this leak though its mostly a compilation of very old leaks so hopefully most people should be okay.
Stuff like this reminds me what a hostile and evil place the internet can be. As a sysadmin, the layers of security and endless rounds of patching is getting to be a bit tedious. Recently out of necessity, I took a job at the help desk and I am finding it to be a respite from that hamster wheel of security.
So now i find myself working in userland. I am seeing how its effecting people. They're more fed up than I am, the password cycling, the MFA, capchas.... there has to be a tipping point somewhere that the web just becomes unusable for a majority of people. Where is that line?
I resisted LinkedIn for a long time for precisely this reason.
I would not be sad if banking moved back to physical space.
Maybe I am a Luddite but I was always skeptical about universal cloud based choices. It's been a huge trend but if some of it doesn't last, oh well.
You and me both! The sad reality for a lot of us is that in order to get ahead, you have to play the game and do some networking on LinkedIn. I'm still figuring it out, and right now its value to me is still in question.
As for banking, I don't think that genie is ever going back in the bottle. In spite of all of the risks, the level of services in online banking is too valuable to them to let go.
Its good to be skeptical of new technology, question its value, but don't fall into the trap of dismissing things without first learning a little bit about them. You miss out on some great things by adopting that attitude.
tldr: The article doesn't actually confirm there is any new data in this file, just that the filesize is so big it "suggests" there is