IT Essentials: The MOAB to end all MOABs

This one's on a delayed fuse

IT Essentials: The MOAB to end all MOABs

The fallout of the Mother of All Breaches has been subdued so far. It won't stay that way.

You don't need me to tell you war is hell. Even if the frontlines have shrunk in modern warfare, civilians are still inevitably caught in the conflict.

Perhaps the worst part is the munitions that lie dormant - sometimes for years - just waiting for an unwary foot to prod them.

Such is the case with the largest compilation of many breaches (COMB) the world has ever seen, so large that it has its own name and acronym: the Mother of All Breaches (MOAB).

Twenty-six billion (that's nine zeroes) records were caught up in this single data leak. For the record, 'only' around 8.2 billion records were leaked throughout 2023.

Admittedly, most of the records are from previous breaches - that's the nature of a COMB - so they might already be out there and known. But if even 10% of the data is new, this is still a leak of massive proportions.

Last week I hosted a dinner for security leaders, and naturally the MOAB came up. Opinions were surprisingly mixed - some treating it as business as usual, and others concerned about an avalanche of credential stuffing, spear-phishing and identity theft attacks, especially supported by AI.

We don't know how long that data has lain in an open repository, quietly growing more and more dangerous as new breaches have been added, but now it's out in the wild.

Like traditional kinetic munitions, a known data breach becomes easier to avoid, but it's not as simple as calling in the bomb squad (security team); there's a huge element of personal responsibility. Anyone affected - easily checked - needs to move quickly to change passwords and install two-factor authentication.

If your staff fail to do so, you might find yourself dealing with the fallout long after the MOAB has left headlines.

Cyber threats are rising, and IT leaders need the latest information to stay ahead of the curve. Join us at the Cybersecurity Festival on 2nd May, where we bring together the most senior and influential voices from security leaders throughout the UK. Click here to secure your free place.