26 billion records exposed online in biggest data leak ever — what to do now

An open lock depicting a data breach
(Image credit: Shutterstock)

Even if you’re super careful online, your personal and financial information can be exposed in a data breach. Sometimes though, hackers compile credentials and information from past breaches and put it all together to make it easier to use in their attacks.

As reported by Cybernews, this is exactly what happened with a new, supermassive Mother of all Breaches (MOAB) which contains 26 billion records or 13 terabytes of data taken from previous leaks, breaches and hacked databases. In a recent investigation alongside cybersecurity researcher Bob Dyachenko, the news outlet discovered all of these exposed records on an open instance.

While the owner of all this stolen data may never be identified, Cybernews’ security researchers believe they could be a hacker, a data broker or even some other service that works with large amounts of data.

Even though this MOAB doesn’t appear to be made up of new data, you could still be at risk online as a result. Here’s everything you need to know about this new data leak and how to see if you’re affected.

Brands with the most leaked records

After examining all of this leaked data, a large number of the records contained within were stolen in past breaches. These are the companies with the most exposed data:

  • Tencent - 1.5 billion
  • Weibo - 504 million
  • MySpace - 360 million
  • Twitter - 281 million
  • Wattpad - 271 million
  • NetEase - 261 million
  • Deezer - 258 million
  • LinkedIn - 251 million
  • AdultFriendFinder - 220 million
  • Zynga - 217 million
  • Luxottica - 206 million
  • Evite - 179 million
  • Zing - 164 million
  • Adobe - 153 million
  • MyFitnessPal - 151 million
  • Canva - 143 million
  • JD.com - 142 million
  • Badoo - 127 million

Besides data from all of the companies listed above, the leak also includes records from government organizations in the U.S., Brazil, Germany, the Philippines, Turkey and several other countries.

What can hackers do with all this data?

A hacker typing quickly on a keyboard

(Image credit: Shutterstock)

Even though a lot of this data is older, it could still be used in a wide range of nefarious ways online including identity theft, phishing attacks, targeted cyberattacks and unauthorized access to users’ personal and sensitive accounts according to the security researchers who discovered it.

The biggest threat though, involves password reuse. You see, if you reuse the same password across multiple sites and services, once hackers get your credentials for one account, they will then use them to access your other accounts. This is why you should absolutely be using strong, complex and unique passwords for all of your online accounts. While you can come up with passwords on your own, the best password managers can do this for you and store all of your passwords securely in one place.

We’ve seen compilations of multiple breaches (COMB) before but this may be the largest one ever recorded to date. For instance, back in 2021, Cybernews reported on one which contained 3.2 billion records. This MOAB is significantly worse than that one though with 26 billion records all contained in one place and to make matters worse, the full list is searchable.

How to check if your data was exposed

A woman looking at a smartphone while using a laptop

(Image credit: Shutterstock)

If you want to see if your personal or financial information was exposed online as a result of this leak, you’re in luck as Cybernews has created its own data leak checker to make things easier. Likewise, the popular data leak site HaveIBeenPwned will likely also have these records available to search soon.

Since a majority of the data contained in this leak is older, the risk of falling victim to an attack that uses these records is lower but you’re still going to want to be on the lookout for any suspicious activity. This means being more cautious when checking your inbox to avoid phishing scams and checking your online accounts for signs of fraud or anything else that looks out of place.

While the best antivirus software can help keep you safe from malware and other attacks, there’s not much it can do when your personal and financial data is exposed in a data breach or leak. Instead, this is where the best identity theft protection services come in as they can help you recover a stolen identity or money lost to fraud.

As we now create more data each day than ever before, large data leaks like this one will likely become more common. However, if you’re careful online and use strong, complex passwords for each of your accounts, you will be much less likely to fall victim to cybercrime.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.