{"id":23772,"date":"2024-01-23T06:10:26","date_gmt":"2024-01-23T14:10:26","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/01\/23\/news-17502\/"},"modified":"2024-01-23T06:10:26","modified_gmt":"2024-01-23T14:10:26","slug":"news-17502","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/01\/23\/news-17502\/","title":{"rendered":"&#8220;The mother of all breaches&#8221;: 26 billion records found online"},"content":{"rendered":"\n<p>Security researchers have discovered billions of exposed records online, calling it <a href=\"https:\/\/cybernews.com\/security\/billions-passwords-credentials-leaked-mother-of-all-breaches\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">the &#8220;mother of all breaches&#8221;<\/a>.<\/p>\n<p>However, the dataset doesn&#8217;t seem to be from one single data breach, but more a compilation of multiple breaches. These sets are often created by data enrichment companies. Data enrichment is the process of combining first party data from internal sources with disparate data from other internal systems or third party data from external sources. Enriched data is a valuable asset for any organization because it becomes more useful and insightful.<\/p>\n<p>The researchers stated:<\/p>\n<blockquote class=\"wp-block-quote\">\n<p>\u201cWhile the team identified over 26 billion records, duplicates are also highly likely. 
However, the leaked data contains far more information than just credentials \u2013 most of the exposed data is sensitive and, therefore, valuable for malicious actors.\u201d<\/p>\n<\/blockquote>\n<p>In <a href=\"https:\/\/dataconomy.com\/2024\/01\/23\/alleged-trello-data-breach-15-million\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">other news about leaked personal data<\/a>, a cybercriminal going by the name of \u201cemo\u201d claims to have 15 million unique records of accounts on the project management tool Trello for sale.<\/p>\n<figure class=\"wp-block-image aligncenter size-large is-resized\"><a href=\"https:\/\/twitter.com\/H4ckManac\/status\/1747527579559411959\/photo\/1\"><img decoding=\"async\" loading=\"lazy\" width=\"1487\" height=\"730\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/01\/emo.png?w=1024\" alt=\"emo offering 15,115,516 unique lines of Trello user information for sale\" class=\"wp-image-102496\" style=\"width:700px\" \/><\/a><\/figure>\n<p>Trello is used by many organizations, so the claim understandably raised some concerns.<\/p>\n<p>Atlassian, the company that runs Trello, however, denies there has been a breach. It seems as if someone has used a large collection of email addresses and tested it against Trello. <\/p>\n<p>This brings us to the question: when do you call a giant leak of personal information a breach, and when don&#8217;t you?<\/p>\n<p>A definition of a breach that makes sense to me is this one:<\/p>\n<blockquote class=\"wp-block-quote\">\n<p>\u201cA breach is an incident where data is inadvertently exposed in a vulnerable system, usually due to insufficient access controls or security weaknesses in the software.\u201d<\/p>\n<\/blockquote>\n<p>So you might say that the exposure of billions of records was a breach because it is unlikely the instance was left open on purpose. 
After all, that amount of data can be sold for a pretty penny.<\/p>\n<p>And Atlassian can safely say it was not breached, since the criminals used an existing feature. Maybe in larger numbers than intended, but why admit you shouldn\u2019t have allowed it?<\/p>\n<p>Some people will say that a data breach can only be the result of a hack and everything else is a leak. If you look at it that way, neither one of the datasets came from a breach. One set was stumbled upon and the other was created by using a legitimate API.<\/p>\n<p>But to those affected, the end result is pretty much the same, whether your data was leaked in a breach, accumulated by scraping, or gathered by a data enrichment company. Your information is out there in the open for every cybercriminal to use at their leisure.<\/p>\n<p>If you want to find out if your data is exposed online, you can try our free Digital Footprint tool at <a href=\"http:\/\/whatsmydigitalfootprint.com\/\">whatsmydigitalfootprint.com<\/a>. Fill in the email address you\u2019re curious about (it&#8217;s best to submit the one you most frequently use) and we&#8217;ll send you a report.<\/p>\n<p>You might be surprised. Remember, though, that it\u2019s not embarrassing to you if your email address was found in a breach, but it is good to know if it was and where a password may have been included.<\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"479\" height=\"175\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/01\/password.png\" alt=\"We found 9 breaches including one exposed password\" class=\"wp-image-102497\" \/><\/figure>\n<p>If the passwords it throws up at you look familiar, it would be a good idea to change the password where you&#8217;ve used it, enable <a href=\"https:\/\/www.malwarebytes.com\/glossary\/multi-factor-authentication-mfa\">2FA<\/a>, and check if it\u2019s been re-used for other accounts. 
<\/p>\n<p>Scammers are very good at using information found in breaches in social engineering attacks. Even the fact that your data may have been leaked in a breach is something scammers will readily use to launch a phishing attack and see what more they can find out from you.<\/p>\n<p>Last year, over <strong>2,000<\/strong> companies and government entities reported data breaches impacting over <strong>400<\/strong> million personal accounts. Set up <a href=\"https:\/\/clicks.malwarebytes.com\/u\/click?_t=24fabbbc5c2c43578ed8469e4f452569&amp;_m=e24a5a0a6c5b4a3d8f323e29a2a119a5&amp;_e=F1JFHv1vxfV2yyNV1IyOInWArWQDdJ-jpnkfJk0LctFfwMG5vJeKJJPoTwSLz6jHeVXzWJvj8n12DeBfnz2btxjdDHzqOzVBXtITuIxUfeqCRqlLWpAPXPQBXLK1j6rlEuDBSFlGudrt3nF4V0gJtw_Qs-2KaeXHQvnBV-nKWF4CbpQiyo2TGAmjAFunOr2kFKnzV6mB34LBBytY_U4sshZsR3YZoO4X3kREuMa959MUu0HBiEWjf7tCzxsixZ6uARf7HJncy3qu3yRR24DiK0F950ukgHY8pL566_sPRshL9yhMx_IoImGCbWjHMiGiqJOgGUw-zbykHJTRPpNHYVKXwPYoeJO8yIVQVjuHHdz1s2BT-xBQX-TSVhWGqI91aKJJo2HBe7w5w0aW6i2ytY0jO16_9TtAu0ueyrrOGgVjVkeALXLooOwp4teUDUMCOUh0AphWBcpjODmzmCQ_RA%3D%3D\" target=\"_blank\" rel=\"noreferrer noopener\">Identity Monitoring<\/a> to get alerts whenever your data is exposed in a new breach.<\/p>\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\" \/>\n<p><strong>We don&#8217;t just report on threats &#8211; we help safeguard your entire digital identity<\/strong><\/p>\n<p>Cybersecurity risks should never spread beyond a headline. 
Protect your\u2014and your family&#8217;s\u2014personal information by using\u00a0<a href=\"https:\/\/www.malwarebytes.com\/identity-theft-protection\" target=\"_blank\" rel=\"noreferrer noopener\">Malwarebytes Identity Theft Protection<\/a>.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/01\/the-mother-of-all-breaches-26-billion-records-found-online\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Security researchers have discovered billions of exposed records online, calling it the &#8220;mother of all breaches&#8221;. Check what of your data has been exposed online with our free tool. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[4765,30763,30764,32,26699],"class_list":["post-23772","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-identity","tag-moab","tag-mother-of-all-breaches","tag-news","tag-personal"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23772","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=23772"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23772\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=23772"}],"wp:term":[{"taxonomy":"ca
tegory","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=23772"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=23772"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}