Million Email Addresses Leaked in Massive Spambot Data Breach

Share

A Paris-based security researcher using the handle Benkow has discovered the largest known cache of email addresses and passwords being used to bypass email filters.

It is hard to know how this list was curated but it contains emails leaked in previous data breaches.The list contains email address scrapped from different other data breaches, such as LinkedIn, MySpace and Dropbox. "Just for a sense of scale, that's nearly one address for every single man, woman and child in all of Europe", he wrote in a blog post.

Hunt was quick to note numerous email addresses appeared to have been scraped off the web or aggregated from other sources, "so whilst the "711 million" headline is technically accurate, the number of real humans in the data is going to be somewhat less".

"The point here is that there's going to be a bunch of addresses here that simply aren't very well-formed so whilst the "711 million" headline is technically accurate, the number of real humans in the data is going to be somewhat less", said Hunt. Hunt says the Onliner release is the biggest he's ever seen-nearly doubling his previous record of 393 million records. Meanwhile, other addresses seemed to have been invented, like putting "sales" in front of domain addresses. I recommend signing up for its automatic notification service that will email you if your account is added to the site as having been compromised.

This latest list of email addresses appears to combine data from multiple breaches, making it available online for would-be hackers and scammers. Hunt notes that it's also possible that the passwords in the list are there because the mailing list was copied over from other prior leaks, many of which included credentials.

NFLPA denied notes tied to Ezekiel Elliott case
According to Article 46 of the collective bargaining agreement, there is no set timeframe in which a decision must be rendered. Following Tuesday's hearing, both sides will have until September 1 to make their final arguments to Henderson.

According to Hunt, he and Benkow have been in touch with a trusted source in the Netherlands who is communicating with law enforcement in an attempt to get spambot shut down.

Has Your Email Address and Password Been Compromised?

Damn. In the meantime, Hunt has announced that Have I Been Pwned has now incorporated the email addresses listed on the vulnerable server on its search database. He said that "a single file may contain tens or even hundreds of millions of addresses". He randomly selected a dozen email addresses, checked them against HIBP, and found that all of them had been exposed in the LinkedIn data breach.

But he added that the number that had been collated still totalled a "mind-boggling amount".

The important thing to do now is to stick your email into haveibeenpwned.com to see if yours is one of the unlucky 700 million address that has been harvested, or one of the even more unfortunate souls to have also had their passwords picked too. The site will display the breaches in which your email address was affected and what information may have been compromised.

Share