hacker cybersecurity spambot malware ransomeware

Photo via PORTRAIT IMAGES ASIA BY NONWARIT/Shutterstock (Licensed)

711 million emails leaked by spambot: Here’s how to check if you’re vulnerable

It's time to change your password again.


Phillip Tracy


Posted on Aug 31, 2017   Updated on May 22, 2021, 6:48 pm CDT

A cybersecurity researcher who goes by “Benkow” discovered a spambot that can target 711 million email addresses.

Troy Hunt, head of “Have I Been Pwned” (HIBP), a site that’ll show you if your email or username has been exposed by a security breach, says it’s the “largest single set of data” he has ever added to the service. “Just for a sense of scale, that’s almost one address for every single man, woman, and child in all of Europe,” Hunt wrote in a blog post.


The spambot, or program designed to harvest email addresses so it can send them spam, is dubbed “Onliner.” It was discovered thanks to a poorly configured web server that accidentally leaked its own mailing list.

“The sheer size of the breach is alone a cause for concern, let alone the damage it could cause further down the line,” Brian Laing, VP of products and business development at cybersecurity company Lastline, told the Daily Dot in an email. “This breach is an example of how hackers merge data from multiple sources, building dossiers on potential victims, including spear phishing targets. In this instance, the majority of the passwords in the latest security breach appear to have been collated from previous leaks, including the 2012 LinkedIn data breach.”

Because it uses leaked email addresses, the spambot can bypass spam filters and go right into someone’s main inbox, tricking them into opening a malicious attachment. According to Benkow, 80 million of the 711 million accounts are being used as senders to target the remaining 631 million. First, the hacker sends a “fingerprinting email,” which contains a hidden pixel-sized image. When opened, the email transmits device information back to the hacker who targets Windows machines (iPhone, Mac, and Android users are safe) with a follow-up email containing malware.

The emails have been disguised as invoices from government agencies, hotel reservation details, and DHL shipping notifications. So far, more than 100,000 people have been infected around the world, Benkow told ZDNet. Those infected feel the force of Ursnif, a trojan malware that steals personal information, including usernames, passwords, and credit card info.

You can check if your email address has been breached using Hunt’s HIBP website (it probably has). Just load up the page and put your email addresses and usernames in the search bar, take a deep breath, and press “pwned?”

As long as you don’t reuse passwords and are careful about opening email attachments, you shouldn’t worry about getting your personal data stolen.

Share this article
*First Published: Aug 31, 2017, 12:19 pm CDT