The "Mother of All Breaches": 26 Billion Records Exposed in Unprecedented Data Leak Security researchers have uncovered what may be the largest compilation of stolen credentials in history a 12-terabyte database dubbed the "Mother of All Breaches" (MOAB), containing 26 billion records from thousands of prior data leaks. Discovered by researcher Bob Dyachenko of SecurityDiscovery.com in collaboration with Cybernews, the dataset was found on an open, publicly accessible server, though its owner remains unknown. Unlike a single hack, the MOAB is a "compilation of breaches" (COB), aggregating credentials from major platforms, including: - 1.5 billion records from Tencent - 504 million from Weibo - 360 million from MySpace - 281 million from Twitter (X) - Millions more from LinkedIn, Adobe, Canva, Deezer, AdultFriendFinder, and others The dataset also includes records from government organizations in the U.S., Brazil, Germany, the Philippines, and Turkey, amplifying risks for both individuals and enterprises. ### Why This Breach Is a Game-Changer The MOAB’s danger lies in its consolidation and accessibility. Instead of scattered leaks, attackers now have a single, searchable repository for credential stuffing, phishing, and targeted attacks. While many passwords are outdated, the sheer volume ensures some will still work especially given widespread password reuse. Worse, experts warn the dataset may include fresh data from infostealer malware, which harvests current credentials, browser cookies, and autofill details. This hybrid threat combining historical breaches with live infections creates a highly effective tool for cybercriminals, from low-level fraudsters to initial access brokers (IABs) selling corporate network access to ransomware gangs. ### The Fallout: A New Era of Cyber Risk The MOAB’s impact extends beyond individuals. Corporate and government networks are at heightened risk due to employees reusing passwords across personal and work accounts. A single compromised credential could provide attackers with a foothold for devastating intrusions. Security experts emphasize that password-only authentication is now obsolete against such a vast dataset. The breach underscores the urgent need for multi-factor authentication (MFA), particularly phishing-resistant methods like FIDO2 security keys. Continuous monitoring of credentials against breach databases is also critical. With the data now in the wild, the MOAB will fuel cyberattacks for years, marking a sobering shift in the threat landscape. The leak serves as a stark reminder: once exposed, data never truly disappears it only becomes more dangerous.

Tencent’s WeChat, alongside Sina Weibo and Baidu Tieba, is under formal investigation by China’s Cyberspace Administration of China (CAC) for violations of the country’s Cybersecurity Law. The probe was triggered by user-generated content on WeChat—including violence, fabricated rumors, obscenity, pornography, and information deemed harmful to national security, public safety, and social order. The CAC accused Tencent of failing to adequately moderate or remove prohibited content, neglecting its legal obligations under the Cybersecurity Law. While the investigation is ongoing, the reputational damage is immediate, given WeChat’s role as China’s dominant social media and messaging platform with over 1.3 billion users. The case highlights regulatory risks for tech giants operating under China’s strict cyber governance, where non-compliance can lead to fines, operational restrictions, or forced content removals. Though no data breach or financial loss was reported, the scrutiny threatens user trust, investor confidence, and potential government-imposed penalties, with broader implications for Tencent’s domestic and international operations. The CAC’s public notice also encourages further whistleblowing, amplifying the risk of prolonged regulatory pressure.