The world’s largest spambot dump has been uncovered, holding some 711 million email accounts. Previously, the largest such trove of data came from the River City Media database, holding over 393 million records.
The data was uncovered by a security research going by the pseudonym Benkow . He found the data on a web server hosted in the Netherlands, which stored dozens of text files with huge batches of email addresses, passwords, and email servers that were being used to send spam.
Dubbed “Onliner,” the spambot was used to deliver banking malware into Inboxes from all over the world. Benkow told ZDNet that it has been responsible for more than 100,000 unique infections.
Benkow shared the data he found with Troy Hunt, the researcher who runs the site Have I Been Pwned, a breach notification platform. Basically, if your email was ever involved in a security breach of any kind, be it data dump or a hacker incident, then you’ll find your information there by simply running a check on your address. Of course, the site only runs with the mountains of information available at large online or on the dark web.
While the number is huge, we should mention that the 711 million records on the database does not mean there are 711 million unique addresses. As Hunt found, some of them can be duplicates. Even so, the number is huge. Furthermore, many of these addresses were already in the Have I Been Pwned database as part of other breaches, such as the LinkedIn hack.
Thankfully, for most people involved, email spam filters are getting better and better, so even if you’re on one of these lists, you may not even get to see these messages at all, whether they’re selling Viagra or offering you some unknown fortune from a prince somewhere.
How to protect yourself against a spambot
Everyone, of course, is advised to change their passwords again, on the chance that they weren’t hashed and attackers had access to them in plain text. Truth be told, if you were to get hacked, you’d have been hacked by now, mostly because this information has been out there for a while now, and hackers have had access to it for a long time. Just because it’s now getting discovered, does not mean that it’s new.
Using a password manager is also advisable, as well as generating random passwords that you’d otherwise forget. As always, don’t re-use your passwords because if one of your accounts is compromised, the others can be too.