The Mother of all Breaches

notBobToo
Posts: 215
Joined: Wed Jan 02, 2019 9:07 pm

The Mother of all Breaches

Post by notBobToo »

Got an e-mail from Malwarebytes, the Subject title. They say that researchers recently found 26 billion records exposed together online. Not a single breach but a compilation of multiple breaches from various social media sites.

They go on to say that I can enter my commonly used e-mail address into their Digital Footprint Portal, which will result in an e-mail report containing the information that they found about me that has been exposed online. I wonder if this is harmless or another type of phishing expedition? I guess that I have always been leery of sending out my phone numbers, e-mail addresses and other PII in a general search just to see what's out there. (Not that the information isn't already out there, but at least "they" may not have that information associated with my IP addresses, MAC address, etc.)

So what say you? Overly paranoid or potentially harmful?
livesoft
Posts: 86368
Joined: Thu Mar 01, 2007 7:00 pm

Re: The Mother of all Breaches

Post by livesoft »

If you just assume information on you is exposed already, then how would doing what you propose change your behavior? Since I wouldn't be doing anything different myself, I would not waste my time. I'd rather waste my time by commenting on bogleheads.org.
Wiki This signature message sponsored by sscritic: Learn to fish.
barnaclebob
Posts: 5707
Joined: Thu Aug 09, 2012 10:54 am

Re: The Mother of all Breaches

Post by barnaclebob »

My assumption is that anything from an antivirus company is junk, ESPECIALLY if it's trying to get you to enter your info.
Horologium
Posts: 291
Joined: Tue Oct 23, 2018 10:08 am
Location: Chicagoland

Re: The Mother of all Breaches

Post by Horologium »

They are hyping hysteria in order to sell their services.
jebco
Posts: 36
Joined: Tue May 11, 2021 10:35 am

Re: The Mother of all Breaches

Post by jebco »

The only resource I'd trust for this is https://haveibeenpwned.com/, which is run by an actual security professional as a passion project. If there is actually any new content in a breach, I'd expect it to show up sooner or later on there.
Zanmar
Posts: 194
Joined: Wed Mar 16, 2022 8:10 pm

Re: The Mother of all Breaches

Post by Zanmar »

notBobToo wrote: Wed Jan 24, 2024 11:33 am Got an e-mail from Malwarebytes, the Subject title. They say that researchers recently found 26 billion records exposed together online. Not a single breach but a compilation of multiple breaches from various social media sites.

They go on to say that I can enter my commonly used e-mail address into their Digital Footprint Portal, which will result in an e-mail report containing the information that they found about me that has been exposed online. I wonder if this is harmless or another type of phishing expedition? I guess that I have always been leery of sending out my phone numbers, e-mail addresses and other PII in a general search just to see what's out there. (Not that the information isn't already out there, but at least "they" may not have that information associated with my IP addresses, MAC address, etc.)

So what say you? Overly paranoid or potentially harmful?
World population is 8.1 billion. More than 3 docs per person. Kind of doubt their numbers.
iamlucky13
Posts: 3589
Joined: Sat Mar 04, 2017 4:28 pm
Location: Western Washington

Re: The Mother of all Breaches

Post by iamlucky13 »

It could just be spam from a computer security company trying to sell their product, but it could just as easily be a phishing attempt by some other party.

Generally you should not click on email links unless you were expecting them, and you should not enter personal information in such a message.

Malwarebytes is a known company, but not every email provider makes it easy to tell if a sender name is spoofed. They do have a "digital footprint portal," which presumably checks for data associated with your email address in a database they have of data known to be getting traded by spammers and phishers online. Whether the report is in any way useful, however, is unclear. If they report they found references to your email address on the spooky-sounding "dark web" 1,000 times, for example, what would you do?

Also, if you use the digital footprint portal, you are agreeing to receive marketing emails from Malwarebytes.

The best response to noticing such spam is to take your own actions to make sure your computing practices are secure - follow recommended password practices, keep your operating systems set to auto-update, don't click unknown links, never enter personal information or passwords in unknown links, etc.

For what it is worth, there are a few news articles circulating about a "leak of 26 billion records," but it sounds like it is more likely a single repository of 26 billion records compiled from 3800 individual breaches and/or phishing operations. It's hard to say how useful the data actually is to any nefarious actor, versus just being a huge amount of noise and redundant data to sift through, and if you have good computer security habits, there's probably nothing in it that can be used to significantly affect you.
SmileyFace
Posts: 9431
Joined: Wed Feb 19, 2014 9:11 am

Re: The Mother of all Breaches

Post by SmileyFace »

notBobToo wrote: Wed Jan 24, 2024 11:33 am Got an e-mail from Malwarebytes, the Subject title.
How do you know it is from Malwarebytes?
You probably got an email from someone claiming to be Malwarebytes.

Here is the article they are using to try to scare you:
https://www.malwarebytes.com/blog/news/ ... und-online
lazydavid
Posts: 5345
Joined: Wed Apr 06, 2016 1:37 pm

Re: The Mother of all Breaches

Post by lazydavid »

Zanmar wrote: Wed Jan 24, 2024 11:54 am World population is 8.1 billion. More than 3 docs per person. Kind of doubt their numbers.
Not docs, records. I have 1403 items stored in 1Password. Not all of those are credentials, but let's be conservative and say that 1,000 of them are. That's a lot of accounts in a lot of places. I guarantee at least several dozen of those have experienced breaches at some point.

There are probably nowhere near 8 billion people represented in those 26 billion records, but there are certainly a large number of people who have had information about them stolen from significantly more than 3 places.
torso2500
Posts: 146
Joined: Wed Sep 14, 2022 11:35 am

Re: The Mother of all Breaches

Post by torso2500 »

It sounds like a significant proportion of the records are compiled from previous breaches, if not the vast majority.
howard71
Posts: 488
Joined: Wed Oct 28, 2020 11:10 am

Re: The Mother of all Breaches

Post by howard71 »

According to the pwned website there was a breach on an app called MyFitnessPal which I don't even remember downloading. I did buy a FitBit last year so maybe it had something to do with that.

Probably explains why I started receiving a flurry of spam emails late last year. Took me a while to block and set up filters to delete but I finally stopped getting them. If that's the only damage done, not a big deal.
rkhusky
Posts: 18240
Joined: Thu Aug 18, 2011 8:09 pm

Re: The Mother of all Breaches

Post by rkhusky »

Don’t they already have your email, since they sent you an email?
If you would search on a different email, are there already existing links between the two emails?
StevieG72
Posts: 2270
Joined: Wed Feb 05, 2014 8:00 pm

Re: The Mother of all Breaches

Post by StevieG72 »

Sounds like a sales pitch to me.
Fools think their own way is right, but the wise listen to others.
ROIGuy
Posts: 2485
Joined: Sun May 08, 2016 10:10 am

Re: The Mother of all Breaches

Post by ROIGuy »

StevieG72 wrote: Wed Jan 24, 2024 3:06 pm Sounds like a sales pitch to me.
+1
evelynmanley
Posts: 1047
Joined: Tue Sep 21, 2010 9:13 am

Re: The Mother of all Breaches

Post by evelynmanley »

Warning As 26 Billion Records Leak: Dropbox, LinkedIn, Twitter Named
Davey Winder


https://www.forbes.com/sites/daveywinde ... 125532ab58
cs412a
Posts: 471
Joined: Sun Dec 17, 2017 12:37 pm

Re: The Mother of all Breaches

Post by cs412a »

jebco wrote: Wed Jan 24, 2024 11:50 am The only resource I'd trust for this is https://haveibeenpwned.com/, which is run by an actual security professional as a passion project. If there is actually any new content in a breach, I'd expect it to show up sooner or later on there.
Thanks for the info. Checked out the website and it’s recommended by Consumer Reports.
ccieemeritus
Posts: 734
Joined: Thu Mar 06, 2014 9:43 pm

Re: The Mother of all Breaches

Post by ccieemeritus »

jebco wrote: Wed Jan 24, 2024 11:50 am The only resource I'd trust for this is https://haveibeenpwned.com/, which is run by an actual security professional as a passion project. If there is actually any new content in a breach, I'd expect it to show up sooner or later on there.
+1 for haveibeenpwned.com. Run by a highly respected security professional. You can search if your email address has already been included in a breach. You can subscribe and receive proactive notifications when a new breach includes your email. So far they notified me that I was included in the iD Tech data breach (March 2023) and the MGM resorts data breach (May 2022), in addition to some old breaches (LinkedIn).

The best security mechanism remains: get a password manager so you can use different passwords on each site. All "money related" accounts should use 2-factor authentication. SMS-based 2-factor authentication is 10x better than just a password, but consider using a token or authenticator app for your monetary accounts.

And make sure to closely protect the email account you use for your logins. Most websites let you reset the password by sending email. So if (for example) someone steals your phone and PIN and can view your email, they can start taking over your accounts. Don't let someone see or get your phone PIN!

Recent update: iPhone users should upgrade to iOS 17.3 and enable Settings -> Face ID & Passcode -> Stolen Device Protection. https://support.apple.com/en-us/HT212510
Doctor Rhythm
Posts: 3204
Joined: Mon Jan 22, 2018 2:55 am

Re: The Mother of all Breaches

Post by Doctor Rhythm »

Are you a customer of Malwarebytes and receive updates from them regularly? If not, ask why they would e-mail you this alarming message.
KneePartsPro
Posts: 703
Joined: Tue Dec 29, 2020 10:52 am

Re: The Mother of all Breaches

Post by KneePartsPro »

A little over a year ago LinkedIn locked me out of my account when they got breached. They informed me that the only way they'd let me back in was if I uploaded a picture of my driver's license to prove I was who I said I was. I thought it was funny. They'd just been hacked and they wanted me to upload more information. Life's been simpler without them.
twh
Posts: 1857
Joined: Sat Feb 08, 2020 2:15 pm

Re: The Mother of all Breaches

Post by twh »

FWIW, Malwarebytes is a legit company. Just because they also have a paid product doesn't make them not legit.
cs412a
Posts: 471
Joined: Sun Dec 17, 2017 12:37 pm

Re: The Mother of all Breaches

Post by cs412a »

Doctor Rhythm wrote: Wed Jan 24, 2024 3:33 pm Are you a customer of Malwarebytes and receive updates from them regularly? If not, ask why they would e-mail you this alarming message.
I got the email. I assumed it was because I was a customer. They send emails with stuff I find interesting. They also send emails to advertise their products. Those I just delete.
Vulcan
Posts: 3041
Joined: Sat Apr 05, 2014 11:43 pm

Re: The Mother of all Breaches

Post by Vulcan »

livesoft wrote: Wed Jan 24, 2024 11:36 am If you just assume information on you is exposed already, then how would doing what you propose change your behavior? Since I wouldn't be doing anything different myself, I would not waste my time. I'd rather waste my time by commenting on bogleheads.org.
That's right! Commenting on bogleheads.org might change other people's behavior, which is what most needs changing anyway.
If you torture the data long enough, it will confess to anything. ~Ronald Coase
crisp3er
Posts: 43
Joined: Sun Dec 27, 2020 11:08 am

Re: The Mother of all Breaches

Post by crisp3er »

The Mother of all Breaches highlights our vulnerability. I think we should be more careful with our information online.
Some tips to protect our data are described here: change passwords regularly, enable multi-factor authentication where possible, and be mindful of the information you share online.
Last edited by crisp3er on Thu May 16, 2024 2:58 am, edited 1 time in total.
Target2019
Posts: 962
Joined: Sat Mar 03, 2007 4:30 pm

Re: The Mother of all Breaches

Post by Target2019 »

I have an older email address that's been in 10 breaches. The Malwarebytes web thing told me that. And then there's a sales pitch I won't go for.

I have protection by virtue of being a contractor caught up in a USG breach a number of years ago. I get reports and look. It scans email addresses for me too. Every piece of my life was in the filed report, including fingerprints.

The mother of all breaches is not a good tag for what's going on. In a nutshell, state and criminal enterprises have been aggregating all of this exposed data for a long time. So your adversaries with deep pockets and a young generation of eager beavers are developing tools to use aggregated data very quickly, and then craft new attacks.

Every day it's something. Lol.
Normchad
Posts: 5927
Joined: Thu Mar 03, 2011 6:20 am

Re: The Mother of all Breaches

Post by Normchad »

crisp3er wrote: Tue May 14, 2024 4:24 am The Mother of all Breaches highlights our vulnerability. I think we should be more careful with our information online.
I don’t know if it even matters. It’s other companies that are leaking/losing my data. Target. Office of Management and Budget. One of the huge health insurance companies last week. If I do everything right, the data is still getting out there.

Everybody should freeze their credit at the major reporting agencies. Everybody should do the best they can do, but it’s not enough.
andypanda
Posts: 2077
Joined: Sun Nov 12, 2017 8:11 pm
Location: Richmond, Virginia

Re: The Mother of all Breaches

Post by andypanda »

"iPhone users should upgrade to iOS 17.3"

I just checked, mine is 17.4.1
NotWhoYouThink
Posts: 3617
Joined: Fri Dec 26, 2014 3:19 pm

Re: The Mother of all Breaches

Post by NotWhoYouThink »

My info was part of the OMB breach, so I still get notifications of things that have been found. Looks like the Buzz Book (remember those) from my kids' grade school is out there, so all of our names, our address, and the old landline number associated with that are out there. My Spam folder fills up regularly, so my email is out there, nothing newsworthy about that.

It hasn't affected my life much.
Yarlonkol12
Posts: 1004
Joined: Thu Apr 11, 2019 4:28 pm

Re: The Mother of all Breaches

Post by Yarlonkol12 »

Everyone's "personal" information has been leaked at this point, it's just another attempt to drum up business for "identity theft"
My posts are for entertainment purposes only.
crisp3er
Posts: 43
Joined: Sun Dec 27, 2020 11:08 am

Re: The Mother of all Breaches

Post by crisp3er »

Normchad wrote: Tue May 14, 2024 9:51 am
crisp3er wrote: Tue May 14, 2024 4:24 am The Mother of all Breaches highlights our vulnerability. I think we should be more careful with our information online.
I don’t know if it even matters. It’s other companies that are leaking/losing my data. Target. Office of Management and Budget. One of the huge health insurance companies last week. If I do everything right, the data is still getting out there.

Everybody should freeze their credit at the major reporting agencies. Everybody should do the best they can do, but it’s not enough.
Personally, I try to put as little personal information online as possible. The transition of bureaucracy to online is attempted, but there is still a lot of work to be done in terms of security. The online environment is constantly evolving, and security is a great concern that needs to be addressed.