topic Re: Mother of all breaches reveals 26 billion records: what we know so far in Privacy

Mother of all breaches reveals 26 billion records: what we know so far

Caute_cautim — Wed, 24 Jan 2024 02:34:24 GMT

HI All

This a big one:

Security researchers have discovered billions of exposed records online, calling it the “mother of all breaches”.

However, the dataset doesn’t seem to be from one single data breach, but more a compilation of multiple breaches. These sets are often created by data enrichment companies. Data enrichment is the process of combining first party data from internal sources with disparate data from other internal systems or third party data from external sources. Enriched data is a valuable asset for any organization because it becomes more useful and insightful.

https://www.malwarebytes.com/blog/news/2024/01/the-mother-of-all-breaches-26-billion-records-found-online

Regards

Caute_Cautim

Re: Mother of all breaches reveals 26 billion records: what we know so far

Early_Adopter — Wed, 24 Jan 2024 09:04:22 GMT

I think I can say that I’m deeply offended for the entire 26 Billion individual human Bering directly impacted by this!!!😎

Re: Mother of all breaches reveals 26 billion records: what we know so far

JoePete — Wed, 24 Jan 2024 13:16:33 GMT

From the article "“While the team identified over 26 billion records, duplicates are also highly likely."

Given that the dataset is slightly more than three times the world's population, I'd say it is more than "highly likely" that there are duplicates (or at least differing accounts pointing to the same individual). It does offer an insight into the mountain of data out there. Are we even able to quantify the cost, environmental impacts, and risks of the technology we use today and its data trail?

Re: Mother of all breaches reveals 26 billion records: what we know so far

ericgeater — Wed, 24 Jan 2024 15:38:35 GMT

"Are we even able to quantify the cost, environmental impacts, and risks of the technology we use today and its data trail?"

These images were shared on a social media account which discusses weather for Puerto Rico. Four years ago:

And this Winter:

All the solar and wind energy in the world won't make a difference if we don't curb our carbon consumption. It certainly seems that our technical debt, cloud sprawl, and return-to-office mandates are too useful to us.

Re: Mother of all breaches reveals 26 billion records: what we know so far

ericgeater — Wed, 24 Jan 2024 15:42:50 GMT

"This a big one"

And this article is the sine qua non why every person should freeze their credit reporting agency accounts, and turn MFA on every online resource. Like zero trust, assume a breach.

Re: Mother of all breaches reveals 26 billion records: what we know so far

Early_Adopter — Wed, 24 Jan 2024 15:56:48 GMT

At this stage there’s enough info out there that it’s really just all hyper sudoku with columns and rows in the trillions… the number space is too small so it’s just a matter of time … humans should probably invent a new nomenclature, rotate all identifiers every sixty-three days and swap all biometrics with a ten year plan to secure for each individual completely new DNA… 😛

Re: Mother of all breaches reveals 26 billion records: what we know so far

ericgeater — Thu, 25 Jan 2024 14:12:59 GMT

Unrelated to cybersecurity, @Early_Adopter... I tried Sudoku for the first time this weekend! I didn't do that well, and I'd say that swapping my biometrics might actually be easier.

Re: Mother of all breaches reveals 26 billion records: what we know so far

JoePete — Thu, 25 Jan 2024 16:06:49 GMT

@Early_Adopter wrote:
At this stage there’s enough info out there that it’s really just all hyper sudoku with columns and rows in the trillions… the number space is too small so it’s just a matter of time … humans should probably invent a new nomenclature, rotate all identifiers every sixty-three days and swap all biometrics with a ten year plan to secure for each individual completely new DNA… 😛

Honestly, there is a lot of wisdom to thinking this way. Let's face it, the other way of stating "Zero Trust" is "Assume Failure." I think it is good assume that every transaction you make will eventually get hacked. So yes, rotate accounts and identifiers, never give up more information than you need, and if practical, give up false information. But start by curtailing the transactions. This is where we fail miserably in educating kids. When my kids were in high school, their teachers had them creating accounts left and right and downloading apps to track everything from homework assignments to practices to office hour schedules, etc. Adults do the same thing, of course. I just feel the way we treat technology in schools it would be akin to passing out cigarettes in health class.