Change your email password now: more than 700 million account details are leaked in the biggest hack ever


More than 700 million email addresses and a number of passwords have been leaked in what could be the biggest spambot dump ever seen.

The data dump is believed to have originated with a spambot called Onliner in the Netherlands.

The information was leaked after cyber criminals allowed visitors to their servers to download their database without needing a username or password.

Users of affected accounts are advised to change their passwords as soon as possible to avoid being further compromised.

One of the largest data breaches ever has led to more than 700 million email addresses and a number of passwords becoming publicly available. A spambot has leaked more than 700 million email addresses in massive data breach

HOW TO PROTECT YOURSELF

Australian computer security expert Troy Hunt runs the website Have I Been Pwned (HIBP).

It lets you check whether your account has been breached by data leaks, including the most recent Onliner spambot leak.

You can check if your account has been compromised here.

He was the first to raise the alarm over the data dump.

The bot behind it is designed to spread malware that steals bank details and causes people’s devices to transmit the virus, as well as pumping out spam messages used by internet criminals in online scams.

Mr Hunt said that the 711 million records leaked ‘makes it the largest single set of data I’ve ever loaded into HIBP.’

Writing in a blog post today, he added: ‘Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe.

‘The first place to start is with an uncomfortable truth: my email address is in there. Twice.

‘Finding yourself in this data set unfortunately doesn’t give you much insight into where your email address was obtained from nor what you can actually do about it.

Shown here is a screenshot from the server being used to store the sensitive private data. The screenshot was taken by Troy Hunt, an Australian computer security expert.

‘I have no idea how this service got mine, but even for me with all the data I see doing what I do, there was still a moment where I went “ah, this helps explain all the spam I get”.’

The leak also contained millions of passwords, which may have been collected in an effort to break into email accounts and turn them to spam.

The majority of the passwords in the latest security breach appear to have been collated from previous leaks.

Mr Hunt runs the Have I Been Pwned site, which lets you check whether your account has been breached by leaks. Email addresses that are unaffected will result in this screen being displayed.

Users whose accounts have been breached will see this screen, which also lets you check details of when the breach occurred and if your email address has been pasted publicly on sites like Pastebin


For instance, one set mirrors the more than a million passwords stolen from LinkedIn in 2012.

Although there are more than 700m email addresses in the data, the number of genuine accounts may be far lower.

Many of the addresses were duplicates and variations on a particular domain, perhaps based on previously ‘scraped’ data which can be automatically extracted from public websites.

Some were seemingly guessed at by the spammers by adding a prefix to a domain name, for example sales@domainname.com.
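The gap between raw rows and genuine accounts can be measured when triaging an address list. The sketch below is an added example, not code from the article or from Mr Hunt's analysis: it collapses duplicates and separates generic prefix guesses from other addresses. The sample list is constructed, and every prefix other than `sales` is an assumption.

```python
from collections import Counter

# Generic "role" prefixes that can be prepended to any domain. Only "sales"
# appears in the article; the others are assumed for illustration.
ROLE_PREFIXES = {"sales", "info", "admin", "contact", "support", "webmaster"}


def normalise(address):
    """Return a trimmed, lower-cased address, or None if it is malformed.

    Lower-casing the local part is an assumption: most providers treat it
    as case-insensitive, although the mail standards do not require that.
    """
    address = address.strip().lower()
    local, sep, domain = address.rpartition("@")
    if not sep or not local or "." not in domain:
        return None
    return f"{local}@{domain}"


def summarise(raw_lines):
    """Count raw rows, distinct addresses and distinct role-prefix guesses."""
    distinct = set()
    malformed = 0
    for line in raw_lines:
        addr = normalise(line)
        if addr is None:
            malformed += 1
        else:
            distinct.add(addr)
    role = {a for a in distinct if a.rpartition("@")[0] in ROLE_PREFIXES}
    per_domain = Counter(a.rpartition("@")[2] for a in distinct)
    return {
        "raw": len(raw_lines),
        "malformed": malformed,
        "distinct": len(distinct),
        "role_guesses": len(role),
        "likely_personal": len(distinct) - len(role),
        "domains": dict(per_domain),
    }


# Constructed sample: case/whitespace variants, exact repeats, prefix guesses.
SAMPLE = [
    "alice@example.com", "Alice@Example.com ", "sales@example.com",
    "info@example.com", "bob@example.org", "bob@example.org",
    "sales@example.org", "not-an-address",
]

if __name__ == "__main__":
    print(summarise(SAMPLE))
```

On this sample, eight raw rows reduce to five distinct addresses, three of which are prefix guesses rather than evidence of a real mailbox.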

The majority of the passwords appear to have been collated from previous leaks. For instance, one set mirrors the 164 million stolen from LinkedIn in May 2016

It said a hacker stole 117 million user emails and passwords in the breach – up from the 6.5 million user credentials that the company originally said were compromised.

Those 6.5 million passwords were reset in 2012 and the company advised the rest of its users to change their passwords too.

The hacker, who goes by the name ‘Peace,’ was trying to sell the passwords on the dark web for five bitcoins, or about $2,200 (£1,700), according to a Forbes report.

Cyber security experts say news such as this should serve as a reminder that passwords should be changed frequently, ideally every few months.

Read more: https://www.troyhunt.com/inside-the-massive-711-million-record-onliner-spambot-dump/

Mail online
