Computer security experts have discovered a huge spam list containing over 700 million email addresses stolen by a spambot called Onliner.
The breach was first discovered by a Paris-based security researcher named Benkow. According to IFLScience, it contains two separate troves of data; one simply of e-mail addresses, while the second more serious set contains addresses and passwords.
Experts say the e-mail breach is the biggest spambot dump that the world has ever seen, and raises serious questions about Internet privacy, which is increasingly becoming a headache for cyber security experts and privacy activists. Secret government agencies and cyber criminals have also stepped up their efforts to spy or steal personal information online.
You can check if your e-mail address is on the list by going to haveibeenpwned.com – an anti-hacker website, run by Australian computer security expert Troy Hunt, which has details of compromised e-mail addresses and leaked passwords.
If you see your e-mail address on the list, stop using it and change your password immediately. In fact, change your password on all websites you have used it in the past or use it currently. Also, if you see suspicious e-mails – often disguised as invoices – don’t open them, because it could be malicious software designed to steal your banking details.
As Hunt writes on his website, this is the largest single data set he has ever loaded into Have I Been Pwned, and that “for a sense of scale, that’s almost one address for every single man, woman, and child in all of Europe.”
Processing the largest list of data ever seen in @haveibeenpwned courtesy of a nasty spambot. I’m in there, you probably are too.
— Troy Hunt (@troyhunt) August 28, 2017
The Onliner spambot, which has access to the list of 711 million e-mail addresses, pointed Hunt and Benkow to an IP address in the Netherlands, suggesting the affected e-mail accounts have been published on an open and accessible web server hosted in the Netherlands. The two experts would not publish the IP address as it could further spread the compromised data.