Canadian cybersecurity researchers are voicing concern and urging people to be vigilant after reports that a staggering 26 billion records have been exposed in a “supermassive leak.”
According to the organizations CyberNews and Security Discovery, data from popular platforms including LinkedIn, X (formerly known as Twitter), Dropbox and Adobe has been exposed in what the research team refers to as the “mother of all breaches.”
“I haven’t seen anything like it,” Canada Research Chair in Security and Privacy Natalia Stakhanova told Global News Wednesday. “It’s a different scale.”
It’s unclear when this information was stolen or who is responsible, but she said she would be “very concerned” about any one who finds their information included in the breach.
The researchers who uncovered the breach suspect it was compiled by a “malicious actor, data broker, or some service that works with large amounts of data.”
User information from the sites Canva, Telegram and the Chinese social media outlets Weibo and Tencent were also among the data available from breaches.
The breach comes as Canadians are increasingly losing confidence their personal data is protected. A new poll finds most believe their online information is more exposed now than ever before.
Researchers suspect there is likely a “high number” of duplicates in the leaked data, which helps to explain the massive number.
“This breach is a collection of previous information that has been leaked out there, where databases have been compromised,” said tech expert Kyle Wilson, calling the amount of information a “wake up call.”
Both he and Stakhanova call the amount of likely duplication in the information making up the reported 26 billion records “concerning.”
“It’s possible there are numerous entries for the same username, which is also something to be concerned about because additional information becomes available,” said Stakhanova. “That allows you to build a bigger profile on a user.”
Her advice now is to be on the lookout for phishing scams.
“Users needs to be vigilant about scam calls, unusual emails and messages, unusual social requests,” said Stakhanova.
“Maybe the passwords are not there, or maybe have been changed and cannot be leveraged anymore. But just knowing that this person used this platform with this information — and perhaps, that information has been leaked — can be used in the scam,” she said.
Wilson calls the breach a “wake-up call” to protect your information online, and use tools like multi-factor authentication and password managers.
“The number one thing is to not reuse passwords. I know that we’re all guilty of it. It happens. But it is definitely a bad thing to do,” he said.
Comments