Over 711 million email records, including passwords have been leaked in one of the largest data breaches in history. The spambot captured millions of email and server login credentials, as part of the spammer's massive malware campaign to bypass spam filters by sending spam emails via "legitimate" email servers.
"Just for a sense of scale, that's almost one address for every single man, woman and child in all of Europe," Australian security researcher Troy Hunt who runs the HaveIBeenPwned (HIBP) data breach notification site, said in his blog.
According to Hunt, the data leaked was a "mind-boggling amount". Hunt said that even his own email address was part of the massive trove leaked. However, the actual number of records may be lower as some of the data has been repeated or is not unique.
The massive trove of data was scooped by the Onliner spambot and was discovered by a security researcher who goes by the pseudonym Benkow. The researcher discovered the data in a publicly accessible and unsecured server hosted in Netherlands. According to Benkow the spambot was also used to spread the Ursnif data-stealing banking malware, which researchers say also comes with spy features such as taking screenshots, keystroke logging and more.
"It's difficult to know where those lists of credentials came from. One part (~2 millions) seems to come from a Facebook phishing campaign, those I have tested seems to be working and were not on HIBP," Benkow said in his blog.
Hunt also discovered that part of the data trove, when checked against HIBP, came from the LinkedIn data breach, as well as other hacks. A list of around 80 million accounts, which contained email addresses, passwords as well as SMTP server details were also part of the leaked trove. The spammers used the 80 million servers to send nearly 630 million targets "fingerprinting" emails, in efforts to scope out the targets, ZDNet reported.
"What's scary about the spambot leak is that this data has been scraped and scavenged from older data breaches," Ross Brewer, vice president and managing director EMEA at LogRhythm told IBTimes UK. "It's becoming increasingly easy for individuals' data to fall into the wrong hands, which means hackers no longer need to implement sophisticated attacks. The reality is that, because of these regular data dumps, no one's data is safe."
Hunt said that both he and Benkow have contacted a "trusted source" in Netherlands, where the spambot's IP address is located, to get law enforcement to shut down the spambot.
How to find if you are affected?
Hunt has uploaded all 711 million records onto HIBP. You can head to the site and check if you have been affected by the breach. In the event that you do find your email in the data trove, it is imperative that you change your passwords immediately.
"The first thing people need to do is, unsurprisingly, change their passwords. A virtual key to your online accounts, breaches like these reinforce the argument that passwords should be changed on a regular basis — and not just when a company has been breached," Brewer told us.