The mother of all breaches (MOAB). That’s how security experts refer to the recent discovery of a massive database that is composed of data from thousands of previous breaches, leaks, and private data databases.

But why should I care? How does it impact me?

The breach includes over 26 billion records. That’s staggering. And that means if any of your accounts are included (or if you reuse passwords anywhere), you need to take action to protect yourself and your family.

What Happened? A massive database built from previous breaches, leaks, and private databases across a wide range of business and consumer sites from Twitter and LinkedIn to Adobe and Dropbox has been released by an unknown source. This breach is composed of roughly 26 billion records, and is being referred to as the “mother of all breaches”.

Who’s impacted? The database includes data from a wide variety of commonly used websites, including Tencent, Deezer, Dropbox, and LinkedIn, among others.

How can I tell if I’ve been breached? Cybernews.com has published a personal data leak checker. You can enter your email address to see if it was included in the leak. I didn't add this to the video because I didn't know about it.

What to do if you’ve been breached

Anyone who has an account with these sites, or has reused passwords associated with these sites, should take action immediately. That means resetting passwords and updating login information wherever necessary to protect yourself. If you have a family, don’t forget to check and update any of their passwords as well.

Long term, there are a few things you can do to help prevent this from happening to you in the future. You can:

• Secure you and your household as soon as possible by using a password manager to make it easy to create and manage unique, strong passwords for your accounts.
• Use data breach checkers like whatbreach. You can use data breach checkers regularly to check if your email was involved in any data breach.
• Use passkeys that use biometrics (like your thumbprint or facial recognition) wherever possible to bypass having to use passwords.

What is WhatBreach

WhatBreach is an OSINT tool that simplifies the task of discovering what breaches an email address has been discovered in. WhatBreach provides a simple and effective way to search either multiple or a single email address and discover all known breaches that this email has been seen. From there WhatBreach is capable of downloading the database if it is publicly available, downloading the pastes the email was seen in, or searching the domain of the email for further investigation. To perform this task successfully WhatBreach takes advantage of the following websites and/or API's:

• WhatBreach takes advantage of haveibeenpwned.com's API. HIBP's API is no longer free and costs 3.50 USD per month. To get an API key please see here
• WhatBreach takes advantage of dehashed.com to discover if the database has been seen in a breach before. WhatBreach provides a link to a detached search for effective downloading
• WhatBreach takes advantage of hunter.io's API (requires free API token) this allows simple and effective domain searching and will provide further information on the domain being searched along with storing the discovered results in a file for later processing
• WhatBreach takes advantage of pastes from pastebin.com that have been found from HIBP. It will also provide a link to the paste that the breach was seen in and is capable of downloading the raw paste if requested
• WhatBreach takes advantage of databases.today to download the databases of the website. This allows a simple and effective way of downloading databases without having to search manually
• WhatBreach takes advantage of weleakinfo.com's API (requires a free API token) this provides an extra search for the email to discover even more public breaches
• WhatBreach takes advantage of emailrep.io's simple open API to search for possible profiles associated with an email, it also dumps all information discovered into a file for further processing

Some interesting features of WhatBreach include the following:

• Ability to detect if the email is a ten-minute email or not and prompt to process it or not
• Check the email for deliverable status using hunter.io
• Ability to throttle the requests to help prevent HIBP from blocking you
• Download the databases (since they are large) into a directory of your choice
• Search either a single email or a text file containing one email per line

Installation and Setup

Prerequisites:

You need Git to clone this tool. To install git and configure it, follow the instructions below. It works for both Linux and Termux.

$ sudo apt-get install git
$ git config --global user.name "John Doe"
$ git config --global user.email johndoe@example.com

You need to install Python, visit the Python website to see how to install it

$ sudo apt install python

Running:

Step 1: Open your Terminal

Step 2: Copy and paste the following commands:

$ git clone https://github.com/Ekultek/WhatBreach.git

Step 3: Enter the terminal then install all the requirements using the command below.

$ pip install -r requirements.txt

Step 4: If you are using a newer version of Python you would need to change some codes in the file formatter.py, so open that file using the codes below

$ nano /lib/formatter.py

Step 5: Change the raw_input into input

Step 6: Run the script using

$ python whatbreach.py -e example@gmail.com

So that's it, this is a powerful tool I would advise you to use it and also check the other site to see if your data is safe.