- Trump quotes conspiracy theorist saying he’s the ‘second coming of God’ 2 Years Ago
- Parkland teens announce massive gun reform proposal 2 Years Ago
- Here’s how you can get a free palm reading online Today 8:48 AM
- ‘The Matrix 4’ is happening with Keanu Reeves and Carrie-Anne Moss Today 7:17 AM
- Fantasy football 2019: Your team-by-team NFC preview Today 7:00 AM
- The 10 best science podcasts to teach you about our world Today 6:00 AM
- How to make sure you have access to every Instagram filter Today 6:00 AM
- Trump accuses Jewish Democrats of having ‘great disloyalty’ or a ‘lack of knowledge’ Tuesday 8:02 PM
- 1 million ‘anonymous’ users of popular porn site exposed in breach Tuesday 6:56 PM
- Khloé Kardashian angers followers with a calorie-counting joke about True Tuesday 6:14 PM
- Spider-Man may no longer be part of the Marvel Cinematic Universe Tuesday 5:28 PM
- Robert De Niro’s company is suing ex-employee for binge-watching Netflix at work Tuesday 4:41 PM
- Intentionally misgendering a character could get you banned from Borderlands 3 Tuesday 4:06 PM
- Facebook pulls Trump re-election ad for targeting ‘strong women’ Tuesday 4:03 PM
- Kamala Harris says she will restore net neutrality if elected Tuesday 3:16 PM
711 million emails leaked by spambot: Here’s how to check if you’re vulnerable
It’s time to change your password again.
Troy Hunt, head of “Have I Been Pwned” (HIBP), a site that’ll show you if your email or username has been exposed by a security breach, says it’s the “largest single set of data” he has ever added to the service. “Just for a sense of scale, that’s almost one address for every single man, woman, and child in all of Europe,” Hunt wrote in a blog post.
The spambot, or program designed to harvest email addresses so it can send them spam, is dubbed “Onliner.” It was discovered thanks to a poorly configured web server that accidentally leaked its own mailing list.
“The sheer size of the breach is alone a cause for concern, let alone the damage it could cause further down the line,” Brian Laing, VP of products and business development at cybersecurity company Lastline, told the Daily Dot in an email. “This breach is an example of how hackers merge data from multiple sources, building dossiers on potential victims, including spear phishing targets. In this instance, the majority of the passwords in the latest security breach appear to have been collated from previous leaks, including the 2012 LinkedIn data breach.”
Because it uses leaked email addresses, the spambot can bypass spam filters and go right into someone’s main inbox, tricking them into opening a malicious attachment. According to Benkow, 80 million of the 711 million accounts are being used as senders to target the remaining 631 million. First, the hacker sends a “fingerprinting email,” which contains a hidden pixel-sized image. When opened, the email transmits device information back to the hacker who targets Windows machines (iPhone, Mac, and Android users are safe) with a follow-up email containing malware.
The emails have been disguised as invoices from government agencies, hotel reservation details, and DHL shipping notifications. So far, more than 100,000 people have been infected around the world, Benkow told ZDNet. Those infected feel the force of Ursnif, a trojan malware that steals personal information, including usernames, passwords, and credit card info.
You can check if your email address has been breached using Hunt’s HIBP website (it probably has). Just load up the page and put your email addresses and usernames in the search bar, take a deep breath, and press “pwned?”
As long as you don’t reuse passwords and are careful about opening email attachments, you shouldn’t worry about getting your personal data stolen.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.