The "Mother of All Breaches": 26 Billion Records Exposed in Unprecedented Data Leak
Security researchers have uncovered what may be the largest compilation of stolen credentials in history: a 12-terabyte database dubbed the "Mother of All Breaches" (MOAB), containing 26 billion records from thousands of prior data leaks. Discovered by researcher Bob Dyachenko of SecurityDiscovery.com in collaboration with Cybernews, the dataset was found on an open, publicly accessible server, though its owner remains unknown.
Unlike a single hack, the MOAB is a "compilation of breaches" (COB), aggregating credentials from major platforms, including:
- 1.5 billion records from Tencent
- 504 million from Weibo
- 360 million from MySpace
- 281 million from Twitter (X)
- Millions more from LinkedIn, Adobe, Canva, Deezer, AdultFriendFinder, and others
The dataset also includes records from government organizations in the U.S., Brazil, Germany, the Philippines, and Turkey, amplifying risks for both individuals and enterprises.
Why This Breach Is a Game-Changer
The MOAB’s danger lies in its consolidation and accessibility. Instead of scattered leaks, attackers now have a single, searchable repository for credential stuffing, phishing, and targeted attacks. While many passwords are outdated, the sheer volume ensures some will still work, especially given widespread password reuse.
Worse, experts warn the dataset may include fresh data from infostealer malware, which harvests current credentials, browser cookies, and autofill details. This hybrid threat, combining historical breaches with live infections, creates a highly effective tool for cybercriminals, from low-level fraudsters to initial access brokers (IABs) selling corporate network access to ransomware gangs.
The Fallout: A New Era of Cyber Risk
The MOAB’s impact extends beyond individuals. Corporate and government networks are at heightened risk due to employees reusing passwords across personal and work accounts. A single compromised credential could provide attackers with a foothold for devastating intrusions.
Security experts emphasize that password-only authentication is now obsolete against such a vast dataset. The breach underscores the urgent need for multi-factor authentication (MFA), particularly phishing-resistant methods like FIDO2 security keys. Continuous monitoring of credentials against breach databases is also critical.
With the data now in the wild, the MOAB will fuel cyberattacks for years, marking a sobering shift in the threat landscape. The leak serves as a stark reminder: once exposed, data never truly disappears; it only becomes more dangerous.
"id": "TENMYSTWITENCANADODEEFRIUNIBRA1769520245",
"linkid": "tencentglobal, myspace, twitter, tencentglobal, canva, adobe, deezer, friendfinder-networks-inc-, united-states-federal-government, brazilian-office-of-the-comptroller-general-cgu-",
"type": "Breach",
"date": "1/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"