26 billion(!) files (12 terabytes) have been made publicly available by an unknown 'data broker'. By comparison, the previous record holder, the 'Compilation Of Many Breaches (COMB)', consisted of only 3.6 billion files. A small reassurance: most of this is likely to be data that has already been breached and published. A smaller part involves data that has not been published before.
The database contains data stolen from hundreds of companies, including well-known ones like the ones listed above, as well as Twitter (now ‘X’), Deezer and the Chinese giant Tencent. In a partnership with the research team, Cybernews is in the process of integrating the dataset into its data leak checker, which can be found on this website. Unfortunately, the dataset was not yet available at the time of writing.
It appears that most of the files contain data that has already been stolen in previous data breaches. Judging by the size of the Dropbox dataset (69 million files) it probably consists of data that was stolen and published back in 2012. Similarly, the dataset of MySpace (360 million) and Canva (140 million) appear to be similar in size to previous incidents that have been published on haveibeenpwned.com. However, it's highly probable that tonnes of newly collected information has not been published before, given the 26 billion files. So, why should any of us worry?
The negative effects of this vast collection of data could be significant for both individuals and companies. For instance, it’s possible that usernames and passwords from accounts that people randomly created in 2014—likely in order to shop at a web shop—have been compromised. While this may not seem significant, a 2019 Google survey found that 65% of participants reused their passwords across multiple accounts, occasionally even all of them. Consequently, that ‘minor 2014 leak’ could have contained the password you use to access your email or work account (or both?) this very day. That's exactly what malicious individuals try to exploit.
According to a Verizon study on data breaches in 2023, the use of stolen user credentials accounted for the majority (45%) of data breaches, which is comparable to the years before. Malicious actors may be able to carry out time-consuming and highly noticeable cyber attacks, but the MOAB leak makes things much simpler for them. Given that most people continue to reuse passwords because it is more convenient, malicious actors can simply use the leaked passwords found in the MOAB database until they find one that works. And with that, the first line of defense is broken.
User credentials are not the only useful information to criminals. There is a high probability that some of the leaked files contain personally identifiable information (PII) which are particularly valuable for malicious actors to have as well. If your personal information appears in multiple datasets, a malicious actor can combine this data to create a detailed profile. For instance, it's a lot less suspicious when you get a personalized email from a company you regularly order from, containing information only that company should know. Or an e-mail from "X" asking you to re-authenticate your account by using your password and username, because some suspicious activities have been detected. Don't worry though, you will get a text message from “X” to verify it is really them asking so you know it’s not phishing!
The data from MOAB makes it easier for a malicious actor to launch targeted attacks that take advantage of your online behaviour and interests. These types of attacks are called “spear phishing“ and is mainly used against high-value targets, such as senior management with the authority to make large payments (remember the Pathe case?) or important politicians). But it can happen to anyone, as any user account can potentially be a stepping stone to a larger attack (in the 2013 Target data breach, hackers were able to gain access to their systems using a third-party vendor account that they hacked using a phishing attack).
We expect an increasing number of attempts at credential stuffing (such as brute force attacks) and social engineering (such as phishing) aimed at individuals and organizations because of the publication of the MOAB.
As your digital business partner, Ordina is committed to accelerating your growth while ensuring robust information security measures. We offer effective solutions that help your organization guard itself against these growing threats.
Password strength test - Strong passwords form the first line of defence against unauthorized access. With that line potentially under increased threat, it is important to have insights into your organization’s password security. Our Active Directory (AD) password audits identify weak 'crackable' passwords that may be vulnerable to credential stuffing attacks.
MFA check - Multi Factor Authentication (MFA) is the second line defence against unauthorized access. MFA is becoming more common within organizations, but sometimes it is not implemented correctly or thoroughly which could mean that not all endpoints (laptops, phones, tablets) will have MFA enabled. You will be able to discover whether all your endpoints are protected by verifying the MFA implementation.
Monitoring and detection - In scenarios where user accounts are up for grabs, we at Ordina believe in proactive cybersecurity. By detecting suspicious patterns and activities, we can quickly identify and address potential threats before they do any damage. Whether it's unusual login attempts, suspicious data transfers or other anomalies, our monitoring services keep your business safe.
Awareness - Human failures are still the biggest cause of breaches affecting organizations. Ordina can help you increase your organization’s awareness levels, by designing a customized awareness programme tailored to your organization’s threat landscape. By conducting and maintaining a cyber awareness programme, your organization is better protected against cyber attacks, such as social engineering.
Crisis management - When disaster strikes and your data has gone on an unauthorized holiday, nothing is worse than to be ill prepared. Our business continuity and (IT) disaster recovery solutions include inhouse crisis exercises and drafting tailored plans to accommodate your preparation and recovery needs.
Expected impact and recommendations
The MOAB data breach could have significant implications for both businesses and individuals. One of the main concerns is the potential increase in phishing activities and other forms of cybercrime. With the vast amount of leaked data, including personal information and login details, users are at risk of becoming victims of targeted attacks.
Phishing attempts can masquerade as legitimate communications from well-known organisations, where criminals try to obtain sensitive information, such as passwords or credit card details. Given that many people re-use passwords, being compromised on one platform can lead to access to multiple accounts or even systems.
In response, users are advised to be vigilant in checking emails, especially those with suspicious links or requests for personal information. In addition, they should consider changing passwords regularly and enabling two-factor authentication wherever possible. By taking these precautions, individuals can increase their online security and enhance their protection against potential threats arising from the MOAB data breach.
Consultant Cyber Strategy & Maturity at Ordina