IT Governance, the global provider of cyber risk and privacy management solutions, found more than 29.5 billion records known to be breached in 4,645 publicly disclosed security incidents in January 2024.
Incredibly, even though the year has only just begun, January has already surpassed the entire year of 2023 in both publicly disclosed incidents and known records breached.
The staggering findings are due to a major outlier event: the MOAB (mother of all breaches), where an open instance saw more than 26 billion records leaked from 3,876 domain names.
In terms of records compromised, this is a 10,537% increase compared to January 2023, and a 1,217% increase compared to December 2023.
Significant breaches in January 2024 included a huge compilation of breached data – the MOAB, a database belonging to Russia’s Far Eastern Research Center for Space Hydrometeorology (Planeta), and a mobile network database affecting 750 million Indian citizens.
The ‘mother of all breaches’
Security researcher Bob Diachenko and investigators from Cybernews have discovered an open instance containing a staggering 26 billion data records, mostly compiled from previous breaches, although it likely also includes new data.
What’s particularly alarming is that the exposed data goes beyond mere credentials – it’s apparently mainly sensitive information. Given the extraordinary scale of the data breach, it’s been dubbed the MOAB. Among the exposed data, 3,876 domain names were identified.
Leon Teale, senior penetration tester at IT Governance Ltd, said that “data leaks which were exposed years ago are still being used today to compromise accounts, telling us that many people don’t change their password after a breach, or even at some regular frequency”.
Planeta
The Main Directorate of Intelligence of the Ministry of Defense of Ukraine claims that it has destroyed a massive 2-petabyte database owned by Russia’s Far Eastern Research Center for Space Hydrometeorology, also known as Planeta.
While news of state-sponsored attacks during wartime should be approached with caution, it seems that the cyber assault on Planeta – responsible for receiving and analysing satellite data for more than 50 Russian state entities, including the Ministry of War – resulted in the destruction of 280 servers, amounting to a financial loss of “at least $10 million”.
Mobile network database affecting 750 million Indian citizens
Cyber security company CloudSEK discovered the personal information of 750 million Indian citizens available for sale on an “underground forum”. The compromised data includes individuals’ names, addresses, phone numbers and Aadhaar numbers (a 12-digit government identification number).
The exact method of the data breach remains uncertain, although the attackers have implied that it was the result of “exploiting vulnerabilities within government databases of telecommunication systems”.
Alan Calder, founder and executive chairman of IT Governance, said, “The sheer scale of data breaches in January 2024 is staggering and paints a bleak picture of the current state of cyber security, signalling a red flag for both organisations and individuals.
“The MOAB, exposing a whopping 26 billion data records, should be a wake-up call – it’s not just about passwords, but highly personal information being compromised on an unprecedented scale. The fact that some of this data might be from past breaches and still gets exploited today highlights a glaring issue – people often don’t update their passwords or take security seriously enough.
“Many of these breaches exploit vulnerabilities that should have been patched long ago, which is frustrating. We can’t afford to be complacent – cyber threats are evolving rapidly, and we need to stay one step ahead to protect ourselves and our data.
“In the face of these findings, it’s not just about beefing up security measures but fostering a collective sense of responsibility for cyber security. Organisations need to invest in comprehensive security measures, and individuals must prioritise good security practices, including regular password changes, choosing strong passwords to begin with, and staying vigilant against phishing attempts. These incidents should serve as a collective call to action for everyone to step up their cyber security game.”
IT Governance is committed to helping organisations address the threat of cyber crime and other information security flaws. We provide a range of resources, including training courses, consultancy services and free guides, to help organisations understand and reduce dangers.
Leave a Comment