Not long after the Naz.API incident raised fears of a “phone book” of all prior data leaks made readily available for criminal consumption, just such a database was discovered by security researchers in a private hosting account that seems to have been accidentally left open to internet traffic.
It’s not yet known who pulled all this data together or what they intended to do with it, but the new “MOAB” is by far the largest COMB or “combo file” that has yet appeared. It spans some 26 billion records in total; though a chunk of that is very likely to be duplicate entries, it presently dwarfs the prior largest collection, at about nine times that collection's size. It seems to include nearly all of the big data leaks of the past decade and beyond, organized into a set of over 3,800 folders, each corresponding to an individual breach or company.
Data leaks continue to centralize, with no way to stop them
The old adage about the internet is that once something is out there, it’s out there forever. That’s no less true for data leaks. It has taken some time, but they are inevitably becoming centralized via underground sources, and with that easier to search through and to draw connections from.
It’s still unknown whether MOAB contains any new information. That possibility was illustrated very recently by Naz.API, which turned out to have tens of millions of new compromised email addresses in its depths. But even if it has nothing new, it is almost certainly going to trigger fresh waves of credential stuffing and scam attempts.
Also unknown is exactly who put it together, though an illicit data broker or some sort of profit-seeking cyber criminal is a pretty safe bet. It is unclear if anyone else found it prior to the security researchers, but it is almost certainly spreading now that the news is out.
There will be more data leaks and they will be centralized in this way, and at minimum that means every internet user has to cease recycling their passwords. Ideally, it also means making the jump to a solid multi-factor authentication method and a reputable password manager. Password re-use continues to be worryingly high despite the frequency of major data breaches and repeated warnings from the cybersecurity community, as does the use of simple and easily guessed passwords.
MOAB data leak sources searchable at Cybernews
Cybernews and security researcher Bob Dyachenko of SecurityDiscovery.com broke the story, with the former maintaining a list of the folders found in the MOAB on its website.
Combo files in the style of MOAB have been around for years now, with the first of the big newsmaking examples being the “Collection” series that appeared in 2019. Since then it has just been a matter of time before all of this information was condensed and made more searchable and connected; the only question was who would end up doing it, and why. Cyber crime is always the central motivation, however, and that calls for a more proactive approach: monitoring new data leak developments of this sort and empowering employees with more secure means of logging in.