711 million email addresses have been discovered to have leaked online as part of the largest spam campaign in history – here is what is going on and how to find out if your email has been leaked.
A giant spambot (software that automatically sends spam email) has been discovered with a whopping 711 million email addresses at its disposal. The spambot – named Onliner – was discovered by a security researcher named Benkow and has been configured to connect to a server based in the Netherlands. And on that server are the 711 million email addresses.
The Onliner spambot can use that epic database of email addresses to send victims malicious attachments that – if opened – will install a version of banking malware called Ursnif onto a victim’s computer.
It gets worse, however. The large database doesn’t just contain email addresses. Many of the addresses have also been coupled with their respective passwords as well as other SMTP information. This allows a spammer to hijack legitimate email servers using the leaked credentials to send even more spam that may not be recognised by spam filters.
Basically, the more email/password/SMTP credentials the spammer has, the more spam they can send. And that spam will look legitimate to junk filters because it comes from otherwise legitimate email servers.
Has my email address been leaked, and if so, should I be worried?
First things first – check if your email address is part of the 711 million leaked emails.
This is easy – simply visit the Have I Been Pwned website operated by Troy Hunt and enter your email address. That will tell you which breaches (if any) have seen your data leaked online. In this case, the breach will appear as Onliner Spambot.
If your email address appears, don’t panic! The chances are that it is just your email address that has been leaked and nothing else. This means that you’ll more than likely get some scammy emails coming your way – but as long as you know how to spot them (e.g. don’t open email attachments unless you were expecting them) then you should be okay. Annoying yes, but not an online security disaster.
However, there is a chance that your email password has also been leaked and spammers are using your credentials to send others spam (and it means that someone could potentially access your email account). So if your email address does appear, we recommend changing that email password as soon as you can.
How did spammers get my email (and possibly my password)?
Exactly how all these emails and passwords ended up together on a web server in the Netherlands is not known, but much of the information appears to be compiled largely from previous breaches. (This means there is a good chance that you’ll have more than one entry on the Have I Been Pwned website.)
It is also worth remembering that if you find that your email address has been leaked, and you re-use the same password and email combination on other online accounts, it is worth changing your password on those accounts too.