- Panama Papers law firm sues Netflix over ‘The Laundromat’ 2 Years Ago
- ‘Motherless Brooklyn’ is a gorgeous noir with little below the surface Today 1:14 PM
- Jameela Jamil and Sara Sampaio got in a Twitter feud over ‘long-starved’ models Today 12:52 PM
- Freddie Prinze Jr. will straight-up school you about the Force don’t @ him Today 12:18 PM
- Woman hosts Instagram funeral after she ‘killed’ $102K in student debt Today 11:45 AM
- YouTube beats Netflix as go-to streaming platform for teens Today 11:41 AM
- The tallest man in America posts emotional YouTube video from hospital room Today 11:31 AM
- Nintendo Switch subreddit implodes amid Hong Kong protests Today 11:14 AM
- Biden yelling at Warren becomes relatable workplace meme Today 10:33 AM
- Tulsi Gabbard was conservatives’ favorite debater Today 10:07 AM
- ‘Rogue One’ co-writer to direct several episodes, write the pilot for Cassian Andor series Today 9:50 AM
- ‘The Two Popes’: Anthony Hopkins and Jonathan Pryce shine in Netflix’s pope comedy Today 8:57 AM
- AOC, ‘Squad’ to endorse Bernie Sanders Today 8:44 AM
- ‘Ghosts of Sugar Land’ explores what happens if your friend joins ISIS Today 7:00 AM
- Andrew Yang upset porn fans with his criticism of Bing Tuesday 10:34 PM
711 million emails leaked by spambot: Here’s how to check if you’re vulnerable
It’s time to change your password again.
Troy Hunt, head of “Have I Been Pwned” (HIBP), a site that’ll show you if your email or username has been exposed by a security breach, says it’s the “largest single set of data” he has ever added to the service. “Just for a sense of scale, that’s almost one address for every single man, woman, and child in all of Europe,” Hunt wrote in a blog post.
The spambot, or program designed to harvest email addresses so it can send them spam, is dubbed “Onliner.” It was discovered thanks to a poorly configured web server that accidentally leaked its own mailing list.
“The sheer size of the breach is alone a cause for concern, let alone the damage it could cause further down the line,” Brian Laing, VP of products and business development at cybersecurity company Lastline, told the Daily Dot in an email. “This breach is an example of how hackers merge data from multiple sources, building dossiers on potential victims, including spear phishing targets. In this instance, the majority of the passwords in the latest security breach appear to have been collated from previous leaks, including the 2012 LinkedIn data breach.”
Because it uses leaked email addresses, the spambot can bypass spam filters and go right into someone’s main inbox, tricking them into opening a malicious attachment. According to Benkow, 80 million of the 711 million accounts are being used as senders to target the remaining 631 million. First, the hacker sends a “fingerprinting email,” which contains a hidden pixel-sized image. When opened, the email transmits device information back to the hacker who targets Windows machines (iPhone, Mac, and Android users are safe) with a follow-up email containing malware.
The emails have been disguised as invoices from government agencies, hotel reservation details, and DHL shipping notifications. So far, more than 100,000 people have been infected around the world, Benkow told ZDNet. Those infected feel the force of Ursnif, a trojan malware that steals personal information, including usernames, passwords, and credit card info.
You can check if your email address has been breached using Hunt’s HIBP website (it probably has). Just load up the page and put your email addresses and usernames in the search bar, take a deep breath, and press “pwned?”
As long as you don’t reuse passwords and are careful about opening email attachments, you shouldn’t worry about getting your personal data stolen.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.