Data in ‘Mother of All Breaches’ Was Likely Stolen Years Ago

A massive database of stolen credentials resurfaces, but it comprises years of stolen data collated from previous breaches.

Recent breach is actually a compilation

Widespread headlines warned of the “mother of all breaches” this week, after cybersecurity news outlet Cybernews discovered a colossal trove of 1.2TB of exposed login credentials.

Despite the frenzy, experts stress that this isn’t a data breach, but rather a repackaging of stolen data collected over many years.

Rather than being pulled from a recent hack, the data appears to be an aggregation of credentials harvested by infostealer malware and previous breaches. These credentials have been widely traded in cybercrime circles and are now simply resurfacing in a single database, briefly exposed online. That doesn’t mean that it should be ignored, however.

Stolen data trove mainly fueled by infostealer malware

Unfortunately, infostealers continue to plague the cyber landscape. This type of malware, designed to extract saved credentials, cryptocurrency wallets and sensitive files from compromised systems, is at the very core of this data cache.

Once inside a system, infostealers sweep up login details stored in browsers and applications, then exfiltrate them in a structured log to a command-and-control (C2) server controlled by threat actors.

These logs are typically shared or sold on Dark Web forums and messaging apps, such as Telegram and Discord. Sometimes, perpetrators even post them for free, either as bait to advertise paid leaks or to boost the attacker’s notoriety.

Risks remain, despite the published data’s old age

Although the newly surfaced database contains no unseen or newly compromised information, its scale is massive, as it could include billions of unique records. At an estimated 16 billion credentials, the data trove allegedly holds two leaked accounts for every living human.

This isn’t the first time stolen credentials have been compiled on such a massive scale, either. Leaks like “Collection #1” and “RockYou2024” were earlier examples of breaches that repackaged old, stolen credentials.

For individuals, the danger remains real if they recycle passwords across sites or continue to use credentials exposed in earlier incidents. Lack of additional security mechanisms, such as multi-factor authentication (MFA), increases their exposure to credential stuffing attacks.

Smart cyber hygiene can keep you safe

Although individuals can do little to dodge data breaches, taking simple yet effective steps can help you thwart threat actors’ efforts to compromise your security.

Enabling MFA, for instance, adds an extra layer of security that prevents threat actors from breaching your accounts, even if they have your login credentials.

Additionally, specialized software like Bitdefender Digital Identity Protection offers deeper visibility into your digital exposure. It continuously scans both the public and the Dark Web, alerts you when your data appears in breaches, and helps you secure your digital footprint with one-click action items.