If Your Email Address Is One Of The 71,000,000 On This List, Change Your Password Now
Your email address is incredibly valuable. Yes, even that terribly embarrassing one you made in your early teens. Why? Because your email address is linked to practically every personal bit of information you own. Meaning that, on the black market, your email address is priceless.
The scandal was originally discovered by a Paris-based security expert and blogger, who calls himself Benkow, but was confirmed and brought to wider attention by the ZDNet news site.
If that wasn’t already alarming enough, then you won’t be prepared for this.
A spambot based in the Netherlands has harvested a whopping 711,000,000 email addresses, in what is thought to be one of the largest spam dumps of all time. The email addresses have been used to spread spam and a rather sinister banking malware.
Not only does the extensive list contain email addresses, but passwords too. It is part of a large-scale operation designed to bypass spam filters and scope out victims for malware attacks, meaning that spammers can use your email address to send out sinister emails aimed at trapping other users.
In a statement, Benkow said that it was “difficult to know where [the] credentials had come from”, but did suggest that they possibly harvested the stolen information from previous leaks and a Facebook phishing campaign, along with the illegal sales of hacking victims’ details.
Luckily, there is an easy way to check if you are on the list…
You may think that it’s just your passwords you need to be very protective of when you’re online, but it seems that not even your personal email is safe these days.
Benkow explained how one incriminating method the spambot utilizes is hiding tiny pixel-sized images in the emails it had already sent out, which are then used to collect information about recipients’ computers and data history.
Luckily there is a simple way to check if you have been affected.
The anti-hacker site, haveibeenpwned.com, was crafted to store the information of those who have had their information leaked. Which essentially means that if you input your email address into the site and it comes back with results, you have been hacked at some point and it’s time to change your password.
Troy Hunt, the owner of haveibeenpwned.com, was left shocked by the spam database, calling it “the largest single set of data I’ve ever loaded into HIBP. Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe.”
In addition, Richard Cox, who is the former chief information officer of the Spamhaus project, revealed to BBC News that, “while the list of mailable addresses is quite large, it is probably no larger than any seen previously.” However, he then added a staggering and frightening prediction:
“The lists of compromised accounts are more worrying.
When compromised accounts are used for spam, they can only be stopped by their providers suspending the account – but when that many are involved, it will severely overload the security/abuse departments of those providers, making it a slow process and that is what keeps the spam flowing.”
The spam site was discovered after the bot was misconfigured, allowing anyone to access the data it holds. Any visitor was able to download gigabytes of data, without having any authority. Alarmingly, it is impossible to tell how many people have made copies of the extensive list.
Currently, the spambot is still up and running. Hunt is applying pressure on authorities in the Netherlands to have the database shut down.
In the meantime, Benkow informed the BBC of the necessary and protective steps any and all affected users could take:
“I recommend you to change your password, and be more vigilant with the emails that you receive, now you know that you’re on malware deliverers’ lists.”