{"id":23840,"date":"2024-01-31T14:10:22","date_gmt":"2024-01-31T22:10:22","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/01\/31\/news-17570\/"},"modified":"2024-01-31T14:10:22","modified_gmt":"2024-01-31T22:10:22","slug":"news-17570","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/01\/31\/news-17570\/","title":{"rendered":"Mother of all Breaches may contain NEW breach data"},"content":{"rendered":"\n<p>On January 23, 2024, we reported on the discovery of billions of exposed records online, now commonly referred to as the \u201c<a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/01\/the-mother-of-all-breaches-26-billion-records-found-online\">mother of all breaches<\/a>\u201d (MOAB).<\/p>\n<p>Since then, the source of the dataset has been identified as data breach search engine Leak-Lookup.<\/p>\n<p>Prevention platform <a href=\"https:\/\/spycloud.com\/blog\/moab-data-leak-what-we-know\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">SpyCloud<\/a> compared the MOAB data with its own recaptured dataset and found at least 94% of the data was either public, old, or otherwise widely-known. That leaves a lot of new records.<\/p>\n<p>From SpyCloud&#8217;s blog:<\/p>\n<blockquote class=\"wp-block-quote\">\n<p>&#8220;a small number of individual breaches totaling a large number of records \u2013 approximately 1.6 billion&nbsp;\u2013 appeared distinct, as compared to SpyCloud\u2019s dataset.&#8221;<\/p>\n<\/blockquote>\n<p>SpyCloud was able to attribute some data to what it calls \u201cprivate sale breaches\u201d, which are datasets that were sold privately or otherwise traded outside of the public space.<\/p>\n<p>As Troy Hunt of HaveIBeenPwned <a href=\"https:\/\/www.troyhunt.com\/the-data-breach-personal-stash-ecosystem\/\">pointed out<\/a> on his blog, there is a data breach &#8220;personal stash&#8221; ecosystem. This consists of personal stashes of data breaches existing all over the place, fueling an exchange ecosystem that creates copies of billions of records of personal data over and over again.<\/p>\n<blockquote class=\"wp-block-quote\">\n<p>\u201cThe data of a significant portion of the global internet-using population, just freely flowing backwards and forwards not just in the shady corners of <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2021\/09\/what-is-the-dark-web-the-dark-web-explained\">the dark web<\/a> but traded out there in the clear on mainstream websites.\u201d<\/p>\n<\/blockquote>\n<p>These shady services, Hunt says, allow interested parties, including criminals, to access records that contain usernames, passwords (including in clear text), email addresses, and IP addresses. And Hunt says he feels that Leak-Lookup is one of the \u201cbad\u201d guys for the following reasons:<\/p>\n<ol start=\"1\">\n<li>After purchasing access, it returns extensive personal information exposed in data breaches including names, email addresses, usernames, phone numbers, and passwords.<\/li>\n<li>The operator is clearly trying to remain anonymous with no discoverable information about who is running it.<\/li>\n<li>It has Terms of Service that include: You may only use this service for your own personal security and research. But it does nothing to enforce that restriction.<\/li>\n<\/ol>\n<p>What worries me even more is the amount of buyers and brokers for breach data. I, for one, never realized there were so many of them. That&#8217;s regardless of whether they are there to sell data to anyone that is willing to pay, or only offer it to those that rightfully own the data.<\/p>\n<p>This in itself constitutes multiple risks. As we all learned in economics, demand drives up the price and the higher the price the more attractive it becomes to go after the data. And, as the MOAB breach clearly demonstrated, not everyone is as careful as they should be about accidentally exposing their collection.<\/p>\n<p>And it&#8217;s not just cybercriminals that are buying this type of data. <a href=\"https:\/\/www.wyden.senate.gov\/news\/press-releases\/wyden-releases-documents-confirming-the-nsa-buys-americans-internet-browsing-records-calls-on-intelligence-community-to-stop-buying-us-data-obtained-unlawfully-from-data-brokers-violating-recent-ftc-order\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">US Senator Ron Wyden released documents<\/a> confirming the National Security Agency buys Americans\u2019 internet records, which can reveal which websites they visit and what apps they use, despite a recent FTC order saying that data brokers must obtain Americans\u2019 informed consent before selling their data.\u00a0<\/p>\n<p>If you want to find out if your data is exposed online, you can try our <a href=\"https:\/\/www.malwarebytes.com\/digital-footprint\">free Digital Footprint scan<\/a>. Fill in the email address you\u2019re curious about (it&#8217;s best to submit the one you most frequently use) and we&#8217;ll send you a report.<\/p>\n<div class=\"wp-block-malware-bytes-button mb-button\" id=\"mb-button-7ba16f0b-04e8-4679-9512-2f21a0971dcf\">\n<div class=\"mb-button__row u-justify-content-center\">\n<div class=\"mb-button__item mb-button-item-0\">\n<p class=\"btn-main\"><a href=\"https:\/\/www.malwarebytes.com\/digital-footprint\">SCAN NOW<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\" \/>\n<p><strong>We don&#8217;t just report on threats &#8211; we help safeguard your entire digital identit<\/strong>y<\/p>\n<p>Cybersecurity risks should never spread beyond a headline. Protect your\u2014and your family&#8217;s\u2014personal information by using\u00a0<a href=\"https:\/\/www.malwarebytes.com\/identity-theft-protection\" target=\"_blank\" rel=\"noreferrer noopener\">Malwarebytes Identity Theft Protection<\/a>.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/01\/mother-of-all-breaches-may-contain-new-breach-data\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> The MOAB may not be just recycled data after all. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[11172,25214,30763,32,26699,5897,26016],"class_list":["post-23840","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-data-breach","tag-haveibeenpwnd","tag-moab","tag-news","tag-personal","tag-privacy","tag-spycloud"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23840","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=23840"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23840\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=23840"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=23840"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=23840"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}