January 25

The Mother of All Breaches: 26 Billion Records

It’s been a while since I had big data breach news… just kidding… it was 23andMe in October. But this news is wayyy bigger than that.

26,000,000,000 Is a Lot of Zeros

Y’all. This. Is. Big. Cybernews first reported the massive trove and raised the alarm.

Six Reasons This Breach Will Affect YOU

  • There are tons of new records
    This database of stolen info, like many giant breaches, contains data from previously known breaches, which means that you might already have fixed your vulnerabilities from an earlier issue. But it also has plenty of fresh data.
  • The records include sensitive data
    The breach has much more than just basic info. Cybernews says, “the leaked data contains far more information than just credentials – most of the exposed data is sensitive and, therefore, valuable for malicious actors.”
  • Many major sites are affected
    Recognize any of these companies? Again, some of this data was already out there, but if you didn’t change your password when the original breach happened, you’re now double hosed.
  • This is bigger than anything we’ve seen before
    The next-biggest massive data breach had about 12% of what this one contains. People, this is a LOT of data.
  • It comes on the heels of another huge breach
    About a week ago, Troy Hunt (founder of Have I Been Pwned?) confirmed that he believes a list called Naz.API contains a whopping 25 million credentials that hadn’t been seen before.
  • You’re in trouble if you reuse passwords
    One of the biggest worries from these massive databases is that now the bad guys have your username/password combos. They use these lists to go around and test other sites. So if you’ve reused your passwords, other accounts might be vulnerable.

What to Do If You’ve Been Breached

  1. Check to see if your emails and passwords are exposed. The Cybernews link is adding the Mother of All Breaches lists now.
  2. Change your passwords.
    I don’t have to tell you this, but I am telling you anyway. Change your passwords. Update any reused passwords. You know what to do. You just need to make the time to do it.
  3. Use a password manager.
    I’ve had a lot of drama with password managers. I’m still bitter. But I think 1Password is the best.
  4. Go passwordless with passkeys.
    Passkeys let you log in using biometrics (face or fingerprints) and are much more secure. They’re not everywhere yet, but when you see the opportunity, make the switch.
  5. Enable multi-factor authentication.
    I know it’s annoying to have to wait for a code when you log into your bank account, but taking that extra step increases your security big time. That extra quarter second it takes to verify with another device can save you hours and hours of hassle if you get hacked.


  • Do you have suggestions for multi-factor authentication that does not involve your phone? Several times my family has been affected by not being able to get into accounts while out of town because a phone was broken or did not work in the location we were in.

    • Many MFA tools have a back-up system such as answering extra questions. They may even have a place to put a second phone. You can also use an authenticator app that generates random codes that will sync with certain sites. It’s never easy. Sigh.
