In what is likely one of the largest ever reported data breaches, over 700 million email addresses, and some passwords, have been leaked via a spambot – there is a good chance you may be affected!
Often when we hear of data breaches, it’s a company or other trusted organisation which has either failed to correctly secure its site/services and had its data compromised, or has been the target of an attack by hackers, who steal information and then release it to the public (or for private sale). Such data is often harvested by spammers who then use the email addresses to target you with Unsolicited Bulk Email, or possibly for more targeted attacks.
Ironically, in this case, the source of this leak was a misconfigured spambot. For a period of time, visitors to the spambot server could download gigabytes of information. Contained within were not only email addresses, but also in some cases passwords.
It should be noted that not all of the 700m+ email addresses will be valid – they could be now-defunct accounts, with details harvested from previous compromises, or they could have been harvested by scouring the internet.
Passwords collected and available through this data breach could have been used by the spambot in an attempt to log into a user’s email service and then send spam email to new victims, while masquerading as the original user (we’ve all seen that happen, right!).
For the full low-down on this malware, you should pop over to the blog of Troy Hunt, of “Have I Been Pwned” (HIBP) fame – where he has written this post about how he was alerted to this new data dump.
If you’re not familiar with HIBP, it’s well worth checking out. Even if you do not trust the intention and integrity of the service, it’s still worth a read!