Mother of All Breaches: what you need to know about the biggest data leak in history

You might have heard about the MOAB breach, short for “Mother of All Breaches”, which many are calling the largest data leak in history. But what really happened behind the headlines? 

The MOAB was discovered in early 2024, when researchers found a massive compilation of over 26 billion user records. While much of the data comes from older leaks, security experts warn that the sheer scale, combined with indications of previously unseen records, makes it uniquely dangerous.  

Think of billions of emails, user names, credentials, and sensitive information, from major platforms worldwide—all gathered in one searchable database.

In this article, we will break down what the Mother of All Breaches is, which companies were affected, why it matters to everyday users, and what steps you can take if your information was exposed.  

What is the Mother of All Breaches?

The Mother of All Breaches is a supermassive compilation of many breaches (COMB) discovered in January 2024.

Essentially, somebody organized thousands of known and unknown data breaches into a single repository. Each breach was placed in its own folder, amounting to over 3800 folders in total.  The whole dataset amounted to roughly 12 terabytes of exposed data. 

The leak was first identified by security researcher Bob Dyachenko and the CyberNews team. At first, it wasn’t clear how the MOAB breach data ended up floating around unprotected, but soon after, a data breach search engine, Leak-Lookup, admitted to the exposure. They cited a “firewall misconfiguration” that left the MOAB dataset publicly accessible. 

What remains unclear is who compiled all the information in one place, or why. Storing such a massive dataset requires substantial resources, and it doesn’t appear the MOAB was actively advertised on dark web forums. It’s also unclear if anyone else accessed the database before researchers found it.

Timeline of the Mother of All Breaches discovery

It all went down at the beginning of last year. 

• Initial compilation date: Unknown. 
  
• January 2024: The MOAB breach discovered by cybersecurity researcher Bob Dyachenko and the CyberNews team.
  
• Late January 2024: The Mother of All Breaches data leak traced back to Leak-Lookup. They revealed the incident was caused by firewall misconfiguration.
  
• February 2024: SpyCloud analysis reveals the MOAB dataset contains about 274 new data breaches, which amounts to approximately 1.6B newly exposed records.
  
• The following months: Databases had to be updated on HIBP (Have I Been Pwned) and CyberNews checkers.

How big is the MOAB breach? The scale explained

The Mother of all data breaches is, unsurprisingly, extremely large. It contains more than  26 billion records. To put that number into perspective, it is equivalent to three times the number of people in the world.

The MOAB dataset is packed with 12 terabytes of information. According to SpyCloud, 274 out of more than 3,800 MOAB data breach folders come with never-before-seen information. That’s about 1.6 billion newly exposed records. 

A dataset of this size inevitably contains duplicate information, since breaches expose overlapping data. Even if only a small percentage is new, that could amount to more than a billion fresh entries from recent breaches that had gone undetected until now. 

In fact, if your information was exposed anywhere in the past 10-15 years (which, likely, it was), it can probably be found in the Mother of all breaches data leak. 

What data was leaked in the MOAB breach?

The better question might be: what wasn’t? With over 26 billion records aggregated from thousands of breaches, the MOAB dataset contains a vast range of personal information far beyond basic login details. Among the exposed data are: 

• Emails
• Usernames and passwords (some hashed, others in plaintext)
• Phone numbers 
• Other personally identifiable information (PII) such as dates of birth, addresses, account details, etc. 

Not every record contains all of these data points, but taken together, the MOAB provides threat actors with enough information to build detailed profiles of millions of individuals.

Mother of All Breaches list: companies and platforms affected

The Mother of all breaches list spans thousands of organizations, with some of the largest exposures coming from major global platforms:

• Tencent QQ: 1.4 billion records
• Weibo: 504 million records
• MySpace: 360 million records
• X/Twitter: 281 million records
• LinkedIn: 251 million records
• Deezer: 258 million records
• Adobe: 153 million records
• Canva: 143 million records
• Dailymotion: 86 million records
• Dropbox: 69 million records
• Telegram: 41 million records

In addition to these headline numbers, the dataset also contained records tied to other companies and platforms, including HauteLook breached data, Zeeroq.com leak, leaked Venmo records, and many others. Researchers also identified records connected to government and public sector organizations in countries such as the U.S., Brazil, Germany, Turkey, and the Philippines.

Is the Mother of all breaches indeed the biggest data leak in history?

Yes, the Mother of all data breaches is no doubt the biggest data leak ever reported. It surpasses not only earlier mega-leaks but even those that came after.

For comparison:

• Infostealer malware datasets (2025): 16 billion  records (including leaked Netflix logins)
• DarkBeam data breach (2023): 3.8 billion records
• COMB (2021): 3.2 billion  records

Even though many MOAB entries are duplicates or years old, its scale and aggregation of so much data in one place make it more dangerous than any other breach to date.

Reactions to the Mother of All Breaches

Cybersecurity researchers’ criticism

The MOAB breach quickly made the headlines. While its scale alarmed many users, some cybersecurity experts downplayed the hype, describing it as “a giant recycling of old leaks.” Their main argument was that most of the MOAB dataset was a compilation of breached data that had already been circulating on dark web forums for years. 

Still, other researchers warned that ignoring the MOAB would be a mistake. Even if much of the data is old or duplicated, placing billions of records in one searchable database makes it much easier for criminals to exploit.

Public fallout

After hearing about the amount of already known data, many users were also belittling the real-world repercussions the MOAB may have.

Others were thinking of ways to protect themselves and debating the use of various Password Managers. 

“Remember the Sony leak on the PlayStation 3 being huge and reputation-damaging? Nowadays it feels like this happens so often I can’t keep up,” a Reddit user wrote.

Someone added, “This happens another five or six more times and I might start thinking that big companies aren’t very good at protecting our data.”

With a new data breach every month, cybersecurity incidents are starting to feel like old news. Many people are hesitant to reveal sensitive information on platforms, and rightfully question their cybersecurity practices.

Why MOAB data breach is dangerous even if much data is old

Our two cents? Whether the data is old or new should not be the focus. The MOAB breach brings about a novel set of risks to take into consideration. 

Cybercriminals can now go through the single searchable database instead of looking through scattered leaks. It’s easier than ever to connect separate pieces into a complete user profile. Such wealth of information increases the risk of successful identity theft on a scale not seen before.

A high volume of login credentials poses a huge risk of credential stuffing attacks. Cybercriminals may test their luck with exposed credentials across different websites, which is bad news if you tend to reuse passwords.

It’s also worth noting that sensitive personally identifiable information (such as DOBs, addresses, phone numbers, or emails) doesn’t expire. It can always be used in targeted phishing and fraud.

Finally, we live in the era of AI. Artificial intelligence can be used to detect password-creating patterns, which may endanger overall cybersecurity.

What to do if your data is in the MOAB breach

Check if you were affected

After the leak of 26 billion records, it’s safe to assume some of your information had been exposed. Use a leak checker to be sure, such as the HaveIBeenPwned or CyberNews tools. Although no single checker will have a complete index of all the data leaks, it’s a good place to start. You can also sign up for breach notifications.

Secure your accounts

The real danger of the MOAB breach is that cybercriminals can readily access all of your previously leaked passwords and use them for credential stuffing attacks. If you tend to reuse passwords or don’t bother changing them, they could be successful. 

We can’t stress enough the importance of good password hygiene. A trusted password manager for storing unique and complex account passwords is a must. Additionally, boost your cybersecurity with a multi-factor authentication step whenever possible. 

Protect your financial and identity data

In the event of having your sensitive information leaked, keep a close eye on your financial and identity data. Monitor your bank accounts and review credit reports for unauthorized transactions, no matter how small. Enable alerts for every new transaction. Consider placing a fraud alert or credit freeze for extra security.

Watch out for scams

As a general rule, the volume of phishing attacks increases after a data breach. Be on the lookout for suspicious emails, calls, or texts. Take a pause and think before responding. If anything feels off, it probably is. Instead of clicking on links or downloading attachments, be sure to get in touch through official communication channels and see what it’s actually about. And never, ever share your sensitive information with anyone via email, text, or call.

Reduce your online exposure

The less of your personal information is publicly available, the harder it is for cybercriminals to exploit the Mother of all breaches data leak. Remember to audit your old accounts and delete the ones you don’t use. Most importantly, limit what you share online and with whom. Tighten up your privacy settings on social media. 

Don’t forget about opting out of data brokers and people-search sites that have collected and exposed your personal information up to now. Use Onerep’s free scan of over 230 data broker and people-search sites to see which websites expose your information and send requests to have your data taken down. Or, let Onerep handle data removals automatically for you.   

👉 Sign up for Onerep 

FAQs about the Mother of all breaches

What does MOAB stand for in security?

In cybersecurity, the MOAB is an abbreviation for “Mother of All Breaches”. The acronym refers to an incident that happened in January 2024, when cybersecurity researchers discovered an unprotected database containing 26 billion records. This is the largest single compilation of exposed user data to date. 

How do I check if my SSN has been leaked?

The leak of your SSN is a bit more difficult to verify than, let’s say, an exposed email. You can assume that it has been exposed if you suspect unusual financial activity or ID theft. Signing up for ID protection services and dark web monitoring can give you a heads up if your SSN leak is detected.

Does MOAB include new data or only old leaks?

The MOAB is mostly compiled of old leaks; however, new data can also be found. According to SpyCloud analysis, there are about 1.6 billion records that haven’t been made public before the MOAB. These come from about 274 unknown data breaches.