Our customers have 94% existing coverage of the “Mother of all Breaches (MOAB)” – among our recaptured breach data of 500B+ assets in our dark web monitoring platform.
Basically, security researchers uncovered what’s being referred to as “almost certainly the largest [breached data] ever discovered.” And the hype is reasonable, since we’re talking about more than 26 billion leaked records in the hands of threat actors, collected from 4,144 breaches that have occurred over the last several years.
MSP Dark Web have 94% existing coverage in our recaptured breached data of 500+ billion assets, meaning a large chunk of the exposed data was either public, old, unusable to criminals, or otherwise widely-known.
Previously unreleased breaches
The other category – and a significantly larger portion of the breaches – had no record in the public record. This could be due to exclusive access gained by the team responsible for creating the MOAB dataset, or simply that the breaches were released publicly but not yet collected. It is important to acknowledge that no company has complete coverage of every breach or dataset posted on the internet, and a small portion of the breaches in this category are likely to have been posted in a public or semi-private forum and not identified by our researchers.
An example we’re seeing is a massive breach of QQ.com, comprising nearly 1.5 billion records contained within the MOAB data. The types of assets contained in the MOAB data appear distinct from earlier data breaches, including a widely-publicised breach in 2019 which exposed email addresses and passwords of QQ users. From our analysis, timestamps indicate the breach could have occurred between 2007 and 2021. The amount of high-quality data is vast, with 668,101,892 distinct QQ email addresses, and a total of 719,528,232 email/phone combinations.
Breaches with poor data integrity
As mentioned above, of the previously unknown breaches, at least 30 revealed significant duplication, mislabeling, and/or fabrication of data, totaling over 1.7B records. The extensiveness of poor data integrity contained within the MOAB dataset suggests little care was given in the data collection process. Some examples of this include:
The Tencent breach, with 1,468,566,171 records, ended up being almost an exact duplication of the QQ breach, save for ~18,000 records.
A breach called 172.104.90.245_main had 10,856,261 records in the MOAB data leak. After data parsing, we discovered there was a large amount of duplicate data, resulting in only 1,667 net-new records.
Upon de-duping the data in another breach called city-chat.de with 775,195 records, we again found a much smaller number of unique records: 1,370.
In another instance, the authors of the Mother of all Breaches (MOAB) data leak added the clear text equivalent of MD5 hash passwords to data contained in the eHarmony breach, but they added it as the username, with no username or account relation, essentially rendering it useless to criminals.
Other Sources: CyberNews
