January 2024 saw probably the biggest leak of personal data yet known. An astonishing 26 billion records from various sources were found by researchers to be available via open resources.

“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts,” the researchers said.

Rather than newly hacked data, it seems to be mostly a collection of historical data breaches, all handily available in one download. That makes sense once one realises who the leaker was, as outlined below.

Cybernews reports on some of the sites whose data was in the haul - site name and number of records:

  • Tencent (21.5B),
  • Weibo (504M),
  • MySpace (360M),
  • Twitter (281M),
  • Wattpad (271M),
  • NetEase (261M),
  • Deezer (258M),
  • LinkedIn (251M),
  • AdultFriendFinder (220M),
  • Zynga (217M),
  • Luxottica (206M),
  • Evite (179M),
  • Adobe (153M),
  • MyFitnessPal (151M),
  • Canva (143M),
  • JD.com (142M),
  • Badoo (127M),
  • VK (101M),
  • Youju (100M),
  • Daily Motion (86M),
  • Dropbox (69M),
  • Telegram (41M),
  • and many other companies and organizations.

They set up a site, which includes the above collection, where you can check whether your data has been leaked.

The inadvertent offender in this case seems to have been a site that itself offers a service for checking whether your personal data has been leaked. Whoops.

Leak-Lookup, a data breach search engine, said it was the holder of the leaked dataset. The platform posted a message on X, saying the problem behind the leak was a “firewall misconfiguration,” which was fixed.