SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
MOAB: a massive compilation of old data leaks, warns expert
Wed, 31st Jan 2024

The Mother of All Breaches (MOAB), a massive compilation of leaked credentials, has stirred up considerable discussion among cybersecurity experts. Nick Hyatt, Director of Threat Intelligence at Blackpoint Cyber, recently weighed in on the conversation with nuanced insight, suggesting that this is not solely a new data leak but rather an aggregation of numerous old ones.

According to Hyatt, the MOAB, amounting to approximately 26 billion records, compiles data from numerous historic breaches, including those from companies like LinkedIn, Tencent, and Weibo, among others. While some new data may be found in the leak due to its expansive nature, it largely combines data from pre-existing leaks. His stance reminds individuals to take a balanced approach towards the breach and not underestimate its potential impact.

Hyatt emphasises the importance of understanding how threat actors exploit leaked data. These actors execute 'credential stuffing attacks', a strategy where combinations of exposed usernames and passwords from a breached source are tested on different websites. This method banks on the commonality of individuals using the same password across multiple platforms. Given the diverse range of targets available, the MOAB presents a considerable resource for successful credential-stuffing attacks.
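On the defender's side, the pattern described above shows up in authentication logs as one source failing against many different accounts in a short time. The following Python sketch is an added illustration, not part of the original article or Hyatt's commentary; the log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed look-back window
MIN_DISTINCT_USERS = 5          # assumed threshold; tune to your own baseline
MIN_FAIL_RATIO = 0.75           # stuffing runs fail most of the time

# Constructed sample events: "timestamp source_ip username result"
SAMPLE_LOG = """\
2024-01-31T10:00:01Z 203.0.113.7 alice@example.com FAIL
2024-01-31T10:00:03Z 203.0.113.7 bob@example.com FAIL
2024-01-31T10:00:05Z 203.0.113.7 carol@example.com FAIL
2024-01-31T10:00:07Z 203.0.113.7 dave@example.com FAIL
2024-01-31T10:00:09Z 203.0.113.7 erin@example.com OK
2024-01-31T10:01:00Z 198.51.100.20 admin@example.com FAIL
2024-01-31T10:01:02Z 198.51.100.20 admin@example.com FAIL
2024-01-31T10:01:04Z 198.51.100.20 admin@example.com FAIL
2024-01-31T10:02:00Z 192.0.2.44 zoe@example.com FAIL
2024-01-31T10:02:20Z 192.0.2.44 zoe@example.com OK
""".splitlines()

def parse(line):
    ts, ip, user, result = line.split()
    when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return when, ip, user.lower(), result == "OK"

def detect_stuffing(lines):
    """Map each suspicious source IP to the most distinct usernames it tried in one window."""
    recent = defaultdict(deque)           # ip -> events still inside the window
    flagged = {}
    for when, ip, user, ok in map(parse, lines):
        win = recent[ip]
        win.append((when, user, ok))
        while when - win[0][0] > WINDOW:  # drop events older than the window
            win.popleft()
        users = {u for _, u, _ in win}
        fail_ratio = sum(not o for _, _, o in win) / len(win)
        # Many *different* accounts failing from one source is the stuffing signature;
        # repeated failures on one account (198.51.100.20) is password guessing instead.
        if len(users) >= MIN_DISTINCT_USERS and fail_ratio >= MIN_FAIL_RATIO:
            flagged[ip] = max(flagged.get(ip, 0), len(users))
    return flagged

def accounts_to_reset(lines, flagged):
    """Accounts that logged in successfully from a flagged source: a reused password worked."""
    return sorted({u for _, ip, u, ok in map(parse, lines) if ok and ip in flagged})

if __name__ == "__main__":
    hits = detect_stuffing(SAMPLE_LOG)
    print(hits, accounts_to_reset(SAMPLE_LOG, hits))
```

Counting per source IP misses runs that are spread across many addresses, so in practice this check is paired with a site-wide view of failed logins and distinct usernames over time.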

Specific protective measures can be employed in the face of such cybersecurity threats. Hyatt advises the implementation of multifactor authentication (MFA) wherever possible. He adds, "As exemplified by the compromise of Microsoft by Russia-aligned actors, even state-sponsored threats use credential stuffing. Using MFA to protect accounts can slow down and even prevent basic attacks like credential stuffing."

Hyatt also highlights the role of unique passwords and physical security keys in reducing the risk of account takeovers. He asserts, "Password managers make creating unique passwords easy. By limiting the usefulness of one password, you can reduce the efficacy of attacks on other accounts."

Understanding one's presence on the dark web is also advised, as leaked data is often bought and sold there and used extensively in credential-stuffing attacks. This awareness allows individuals to identify and secure compromised accounts before falling victim to such an attack.

Hyatt concludes by reminding everyone that experiencing a data leak is almost inevitable, given even the most minimal online presence. But, by implementing the measures he suggests, the impact of data leaks like the MOAB can be significantly reduced. As with many things in life, prevention is better than cure, especially when it comes to securing our online data.

Nick Hyatt has extensive knowledge in technology, support, and information security, having worked across a spectrum of industries ranging from small to Fortune 500 companies. His expertise spans incident response, threat intelligence, digital forensics, and malware analysis. With hands-on skills in malware forensics, data mapping, threat hunting, and e-discovery, he brings practical experience to diverse environments.