Hacker working on a code on dark digital background with digital interface around.

Alexander Geiger/Shutterstock (Licensed)

Should you be worried your data is in the ‘Mother of all Breaches?’

It turns out that much of the 26 billion records were scraped from other publicly known data breaches.


Mikael Thalen


Posted on Jan 24, 2024

A data leak that’s been dubbed the “Mother of all Breaches” is stirring fear online after more than 26 billion personal records were exposed.

The breach, described by the researchers who discovered it as the biggest-ever data leak, includes sensitive information from sites such as Dropbox, Linkedin, and Twitter, now known as X.

Discovered on an unsecured web server, the data, according to security researcher Bob Dyachenko and Cybernews, could have belonged to a malicious actor or data broker. The researchers warned that the exposed data could lead to a significant uptick in cybercrime

“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts,” the researchers said.

While undoubtedly concerning, some experts are pushing back on the data’s description as the biggest-ever leak. In a post on X, vx-underground, which hosts the largest collection of malware online, noted that the information was largely a compilation of previously disclosed breaches.

“We’ve received a few notifications today regarding the ‘Mother of all Breaches’ – which allegedly contains 26,000,000,000 creds and information from people all across the globe,” vx-underground wrote. “This is simply a compilation of breaches and scrapes rolled into 1. It isn’t anything new or crazy.”

Troy Hunt—founder of HaveIBeenPwned.com, a service that allows users to check whether their data has shown up in a breach—also appeared to poke fun at the claim.

In reference to coverage from the Daily Mail, Hunt jokingly questioned the reliability of the media outlet while also poking fun at the fact that the author shared his same last name.

Given that most of the data isn’t new, should users be concerned? It depends if you’ve been keeping up with previous breaches.

For those interested in learning whether any of their information showed up in the data set, Cybernews launched a portal where users can enter their email or phone number.

Similarly, HaveIBeenPwned.com also lets anyone check whether their data has shown up in dozens of different breaches.

As always, using unique and strong passwords on every online service remains one of the best ways of protecting oneself, along with implementing two-factor authentication when available.

We crawl the web so you don’t have to.
Sign up for the Daily Dot newsletter to get the best and worst of the internet in your inbox every day.
Share this article
*First Published: Jan 24, 2024, 11:36 am CST