Ask The Expert: "The Mother of all Breaches"

January 25, 2024 - JJ Thomas and Rachel McNealey

A large data breach was just discovered by researchers at Security Discovery and CyberNews. The data breach was so large that the researchers are calling it the "Mother of all Breaches."

To understand what exactly happened and how we can try to prevent the next cyberattack, we sat down with Dr. Rachel McNealey, a cybersecurity expert in the School of Criminal Justice.


Can you describe the basics of what happened with this “Mother of All Breaches”?

Cybersecurity researchers from the firms Security Discovery and CyberNews found a massive database (12 terabytes) containing around 26 billion records of sensitive data including user information from social media websites and government organizations. The records include data from a range of social media platforms with the most common being the Chinese app Tencent, but also including sites that would affect U.S. citizens including X, LinkedIn, and Adobe. The records also contain information pertaining to U.S. government organizations. It appears that a majority of the information is compiled from prior datasets meaning that this is not necessarily the result of a new breach. However, due to the sheer volume of data, experts urge that there is a high likelihood that the dataset does contain some newly published information and users should remain vigilant. Researchers are unsure as to the origination or owner of the dataset, as no group or individual has claimed responsibility for the repository, but the owner is suspected to be a financially motivated data broker or service that deals with large amounts of data.


Why would someone want to carry out a cyberattack like this?

The stolen data market is incredibly lucrative - those who act as brokers and sell the information profit from the transactions, and purchasers of the information can use it to yield money directly from bank accounts or indirectly through attacks like identity theft and unauthorized account access. User data from a single website also does not mean that an individual only has one account at risk. With the number of online accounts required for daily activities, people often use duplicate passwords for multiple accounts so they can easily remember how to log in. This pattern of behavior is leveraged through 'credential stuffing' - working on the assumption that most people use repeated passwords across multiple platforms, bad actors will attempt to log into many different online accounts using the breached username and password combination. This puts an individual's information at risk even on websites where there has not been a breach, and a single data leak can provide attackers access to several individual accounts.


What are the potential implications of this type of cyberattack?

Experts say that consumers can likely expect an increase in attempted account log-ins via credential stuffing in the coming days and weeks, as well as phishing emails. Attackers may use phishing emails to falsely alert a user that their information has been compromised and coerce them into providing their account credentials as a fabricated security measure.
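The credential-stuffing pattern described two answers up, and the surge of attempted log-ins anticipated here, leave a recognisable trace in authentication logs: one source address cycling through many distinct usernames in a short window, most attempts failing. The following is an added example (not part of the interview, and not code from Security Discovery, CyberNews or anyone quoted on this page) that scores constructed log lines with that heuristic. The log format, the thresholds and the sample data are all assumptions for the example.

```python
"""Flag credential-stuffing activity in authentication logs.

Credential stuffing replays leaked username:password pairs against many
accounts. A stuffing source therefore shows many DISTINCT usernames in a
short window with a high failure rate, whereas a legitimate user who
mistypes a password shows one username and a handful of failures.

Log format, thresholds and sample data are assumptions for this example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO8601Z> login result=<OK|FAIL> user=<name> src=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) login "
    r"result=(?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: alice mistypes twice from her own machine, a stuffing
# source cycles through eight accounts (bob's reused password works), and a
# third source makes three failed attempts, which stays under the threshold.
SAMPLE_LOG = """\
2024-01-25T10:00:01Z login result=FAIL user=alice src=198.51.100.4
2024-01-25T10:00:09Z login result=FAIL user=alice src=198.51.100.4
2024-01-25T10:00:20Z login result=OK user=alice src=198.51.100.4
2024-01-25T10:01:00Z login result=FAIL user=carol src=203.0.113.9
2024-01-25T10:01:03Z login result=FAIL user=dave src=203.0.113.9
2024-01-25T10:01:06Z login result=OK user=bob src=203.0.113.9
2024-01-25T10:01:09Z login result=FAIL user=erin src=203.0.113.9
2024-01-25T10:01:12Z login result=FAIL user=frank src=203.0.113.9
2024-01-25T10:01:15Z login result=FAIL user=grace src=203.0.113.9
2024-01-25T10:01:18Z login result=FAIL user=heidi src=203.0.113.9
2024-01-25T10:01:21Z login result=FAIL user=ivan src=203.0.113.9
2024-01-25T10:02:00Z logout user=alice src=198.51.100.4
2024-01-25T10:03:00Z login result=FAIL user=judy src=192.0.2.77
2024-01-25T10:03:05Z login result=FAIL user=ken src=192.0.2.77
2024-01-25T10:03:10Z login result=FAIL user=leo src=192.0.2.77
""".splitlines()


def parse_line(line):
    """Return a dict for a login event, or None for any other line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "result": m["result"],
        "user": m["user"],
        "src": m["src"],
    }


def detect_stuffing(lines, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.8):
    """Return {src_ip: summary} for sources whose login attempts look like
    credential stuffing: at least `min_users` distinct usernames inside
    `window`, with at least `min_fail_ratio` of those attempts failing."""
    events = sorted(
        (e for e in map(parse_line, lines) if e is not None), key=lambda e: e["ts"]
    )
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    findings = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the span fits in `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            win = evs[start:end + 1]
            users = {e["user"] for e in win}
            fails = sum(1 for e in win if e["result"] == "FAIL")
            ratio = fails / len(win)
            if len(users) >= min_users and ratio >= min_fail_ratio:
                best = findings.get(src)
                # Keep the window with the most distinct usernames for this source.
                if best is None or len(users) > best["distinct_users"]:
                    findings[src] = {
                        "distinct_users": len(users),
                        "attempts": len(win),
                        "fail_ratio": ratio,
                        # Accounts the attacker actually got into: these need a
                        # forced password reset, not just a rate limit on the IP.
                        "compromised": sorted(
                            e["user"] for e in win if e["result"] == "OK"
                        ),
                    }
    return findings


if __name__ == "__main__":
    for src, info in detect_stuffing(SAMPLE_LOG).items():
        print(src, info)
```

The distinct-username count is what separates stuffing from an ordinary brute-force or a forgetful user; the successful log-ins inside a flagged window are the accounts whose reused password has just been confirmed, which is why the summary lists them separately from the attempt count.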


Has this type of cyberattack ever happened before?

Data breaches have unfortunately become somewhat normal to hear about and we consistently see reports of new breaches across a range of industries and platforms. However, researchers are conclusively calling this the 'Mother of All Breaches' due to the sheer volume of data contained in the files. As Adam Pilton of CyberSmart puts it, "In the physical world, 12 terabytes are equivalent to 15,600 filing cabinets." More information on how this compares to prior breaches will likely be shared in the coming weeks as researchers identify how much newly published information is included in the breach.


What are some things that businesses and/or governments do to try to protect themselves from these attacks?

Experts urge that businesses should train employees on the latest best practices for cyber hygiene, including how to spot potentially suspicious emails and how to store sensitive information using strong passwords or credentials. Access to highly sensitive information should be restricted to as few individuals as possible to reduce the number of attack vectors, and if possible, employees should be required to use two-factor authentication to access restricted or sensitive systems.


What can we do as individuals to protect our information from potential cyberattacks like this in the future?

At the end of the day, the user is the weakest point of security. Users should make an effort to use good cyber hygiene especially if efforts were not taken in response to prior breaches that may be included in this dataset; this includes enabling two-factor authentication and not reusing passwords. Individuals are urged to use different passwords for different online accounts; if remembering these passwords is a concern, users can employ a reputable password manager. The risk of identity theft is high when these kinds of data are published and experts recommend checking your credit or considering a security credit freeze to prevent unauthorized use. Users can also use sites such as Have I Been Pwned and CyberNews to check whether there are any currently published data breaches containing your information. Individuals should be vigilant in the coming weeks about suspicious activity on their accounts, especially any notifications of attempted log-ins from unrecognized devices. Users should also be wary of any emails sent to them that ask to input login information anywhere other than the website itself.
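Have I Been Pwned's Pwned Passwords service, mentioned above, lets a user or an application check a password against known breach data without sending the password, or even its full hash, to the service: the client sends only the first five hex characters of the SHA-1 hash and compares the returned suffixes locally (the "k-anonymity" range API at `https://api.pwnedpasswords.com/range/<prefix>`). The following is an added example, not code from the interview or from Have I Been Pwned, that implements that client-side check; the range response body embedded in it is constructed for the example, and its counts are illustrative, not figures from the service.

```python
"""Check a password against a Pwned Passwords range response using the
k-anonymity scheme: only the first five hex characters of the SHA-1 hash
leave the client, and the match is done locally on the returned suffixes.

The response body below is constructed for this example; its counts are
not real figures from the service.
"""
import hashlib
import urllib.request

API = "https://api.pwnedpasswords.com/range/"


def split_hash(password):
    """SHA-1 the password (uppercase hex) and split it into the 5-char prefix
    that is sent to the service and the 35-char suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix, body):
    """Parse a range response ("SUFFIX:COUNT" per line) and return how many
    times the password was seen, or 0 if it is absent. A padded entry
    (count 0, added when the Add-Padding header is sent) still reads as absent."""
    for line in body.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        cand, count = line.split(":", 1)
        if cand.upper() == suffix and count.strip().isdigit():
            return int(count)
    return 0


def fetch_range(prefix):
    """Fetch the real range for a prefix. Network call; not used offline."""
    req = urllib.request.Request(
        API + prefix,
        headers={"Add-Padding": "true", "User-Agent": "range-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def check_password(password, range_source=fetch_range):
    """Return the breach count for `password` using `range_source(prefix)`
    to obtain the range body. The full hash never leaves this function."""
    prefix, suffix = split_hash(password)
    return count_in_range(suffix, range_source(prefix))


# Constructed range body for prefix 5BAA6 (SHA-1 of "password" begins 5BAA6).
# Every suffix and count here is made up for the example except that the
# third suffix is the real remainder of SHA-1("password").
SAMPLE_RANGE_5BAA6 = """\
00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2
011053FD0102E94D6AE2F8B83D76FAF94F6:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471
1F2B668E8AABEF1C59E9EC6F82E3F3CD786:0
"""


def offline_source(prefix):
    """Stand-in for fetch_range that serves only the constructed body."""
    return SAMPLE_RANGE_5BAA6 if prefix == "5BAA6" else ""


if __name__ == "__main__":
    for pw in ("password", "correct-horse-battery-staple-2024"):
        print(pw, "->", check_password(pw, offline_source))
```

Swapping `offline_source` for `fetch_range` turns this into a live check; either way the comparison happens on the client, so a compromised or logging proxy between the client and the service sees at most a five-character prefix shared by hundreds of unrelated hashes.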



Dr. Rachel McNealey is an Assistant Professor of Criminal Justice with a Ph.D. in criminology from Penn State University. Her research focuses on cybervictimization events and cyberoffending behavior, with the goal of tying new forms of crime to traditional theories of crime. Her work has been published in the Journal of Crime and Justice, the Journal of Interpersonal Violence, and the Journal of Research in Crime and Delinquency. Her non-academic experience includes working in the digital forensics lab at the Joint Electronic Crimes Task Force in Tuscaloosa, Alabama, as well as their Network Intrusion Lab and security group Project Halo. As an early career scholar, her work aims to investigate emerging forms of crime with established methods and theories to produce actionable, practice-oriented findings.