- Holland Tunnel decorations are a real nightmare before Christmas 1 Year Ago
- Amazon still won’t say whether ICE uses its facial recognition tech Today 1:13 PM
- Ninja to host Thursday Night Football Today 12:00 PM
- How to stream the NFL’s Week 15 for free Today 12:00 PM
- An undecorated room sets off a debate on Twitter Today 11:42 AM
- Netflix announces Taylor Swift ‘Reputation’ concert film Today 11:29 AM
- People are making memes out of these ‘leaked’ ‘Sonic the Hedgehog’ posters Today 11:12 AM
- How to watch the Liga MX final between Club América and Cruz Azul online for free Today 10:38 AM
- Parents shocked by KKK costumes in school play Today 10:11 AM
- Learn why light therapy is the key to keeping winter skin at bay Today 9:38 AM
- Laura Loomer says she’s been banned from GoFundMe Today 9:14 AM
- Here’s why we might not see the Defenders on Disney+ anytime soon Today 9:09 AM
- 23 smokin’ hot gifts for your stoner friend Today 8:49 AM
- Trump declares that he never told Michael Cohen to do any crimes Today 8:37 AM
- What does this toy ‘dinosaur’ look like to you? Today 8:18 AM
711 million emails leaked by spambot: Here’s how to check if you’re vulnerable
It’s time to change your password again.
Troy Hunt, head of “Have I Been Pwned” (HIBP), a site that’ll show you if your email or username has been exposed by a security breach, says it’s the “largest single set of data” he has ever added to the service. “Just for a sense of scale, that’s almost one address for every single man, woman, and child in all of Europe,” Hunt wrote in a blog post.
— Benkow moʞuƎq (@benkow_) August 29, 2017
The spambot, or program designed to harvest email addresses so it can send them spam, is dubbed “Onliner.” It was discovered thanks to a poorly configured web server that accidentally leaked its own mailing list.
“The sheer size of the breach is alone a cause for concern, let alone the damage it could cause further down the line,” Brian Laing, VP of products and business development at cybersecurity company Lastline, told the Daily Dot in an email. “This breach is an example of how hackers merge data from multiple sources, building dossiers on potential victims, including spear phishing targets. In this instance, the majority of the passwords in the latest security breach appear to have been collated from previous leaks, including the 2012 LinkedIn data breach.”
Because it uses leaked email addresses, the spambot can bypass spam filters and go right into someone’s main inbox, tricking them into opening a malicious attachment. According to Benkow, 80 million of the 711 million accounts are being used as senders to target the remaining 631 million. First, the hacker sends a “fingerprinting email,” which contains a hidden pixel-sized image. When opened, the email transmits device information back to the hacker who targets Windows machines (iPhone, Mac, and Android users are safe) with a follow-up email containing malware.
The emails have been disguised as invoices from government agencies, hotel reservation details, and DHL shipping notifications. So far, more than 100,000 people have been infected around the world, Benkow told ZDNet. Those infected feel the force of Ursnif, a trojan malware that steals personal information, including usernames, passwords, and credit card info.
You can check if your email address has been breached using Hunt’s HIBP website (it probably has). Just load up the page and put your email addresses and usernames in the search bar, take a deep breath, and press “pwned?”
As long as you don’t reuse passwords and are careful about opening email attachments, you shouldn’t worry about getting your personal data stolen.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.