More than 700 million email addresses leaked in huge data breach


A spambot has leaked more than 700 million email addresses and passwords publicly in a huge data breach.

The data dump occurred thanks to a misconfigured spambot, dubbed ‘Onliner’, and was discovered by a Paris-based security researcher known as Benkow.

Troy Hunt, an Australian computer security expert who runs the breach website Have I Been Pwned (HIBP), said in a blog post: “the one I’m writing about today is 711m records, which makes it the largest single set of data I’ve ever loaded into HIBP.”

The scale and size are hard to comprehend, but Hunt summed it up nicely: “that’s almost one address for every single man, woman and child in all of Europe”, he wrote.

The data was exposed on an open web server used by spammers and hosted in the Netherlands. The server stored a huge collection of email addresses and passwords, which were used to break into users’ accounts and send spam from them.

While the sheer number of leaked addresses and passwords is mind-boggling, there is some reason to be optimistic, as the actual number of real humans’ contact details contained in the dump will likely be reduced due to the number of fake and repeated email addresses contained in the data.

“The data in the dump has a bunch of junk prefixed to the address, junk which appears to be a HTML file name and may indicate the ‘address’ was scraped off the web and the parsing simply wasn’t done very well”, Hunt said. “The point here is that there’s going to be a bunch of addresses here that simply aren’t very well-formed so whilst the ‘711 million’ headline is technically accurate, the number of real humans in the data is going to be somewhat less”.

Indeed, the leaked email addresses have strong connections to the 164 million emails that were stolen from LinkedIn in May 2016. After running a random selection of different email addresses, Hunt found that “every single one of them” appeared in that data breach just over a year ago. Another set of email addresses tested mirrored the 4.2 million stolen from Exploit.In.

written by Shane Curtis, ESET We Live Security

