More Than 700 Million Email Addresses and Passwords Leaked
A misconfigured spambot could be responsible for the leak of around 711 million email addresses, servers and passwords, which would make it one of the largest data breaches to date.
While the number of addresses linked to real human beings will be much lower, as there are some fake and repeated emails in the database, this is still a massive breach. To put it into perspective, security researcher Troy Hunt wrote that 711 million emails is “almost one address for every single man, woman and child in all of Europe.”
Hunt and other analysts have reported the information is being stored on an “open and accessible” server in the Netherlands. The data set came from hackers who are using the information on these servers to send spam through legitimate accounts, which allows them to bypass filters. ZDNet reported these unknown parties are sending unsuspecting users spam emails that includes Ursnif malware. This can steal large amounts of data, including banking information, from browsers and software.
The Paris-based security researcher known only as Benkow initially discovered the breach and believes Ursnif is responsible for 100,000 unique infections across the world. He further explained on his blog that the email and passwords on this server have been collated from earlier data breaches, including the 2012 LinkedIn hack.
The server has been reported to authorities so it can be deleted from the web.
Consumers may want to see if their email has been breached on Have I Been Pwned. If your email appears on that list, change your password.