- How to watch ‘Game of Thrones’ season 8, episode 2 for free Today 7:00 AM
- Gendry is making a new weapon for Arya Stark—but what is it? Today 6:30 AM
- The live-action Halo series could be Showtime’s most ambitious project yet Today 6:00 AM
- How to watch Turner Classic Movies for free Today 5:30 AM
- How to watch Real Madrid vs. Athletic Bilbao online for free Today 5:00 AM
- ‘Star Trek’s Jonathan Frakes calls out your lies with this new meme Saturday 3:46 PM
- #JusticeForLucca trends after video shows police slam Black teen’s head into pavement Saturday 3:11 PM
- The internet is shocked to learn that Goombas do, in fact, have arms Saturday 2:02 PM
- PayPal, GoFundMe cut off armed militia that detains migrants at border Saturday 1:16 PM
- Barnwood theft may be on the rise because of ‘Fixer Upper’—and fans aren’t having it Saturday 12:23 PM
- Literary Twitter calls out Dzanc Books for Islamophobic, racist novel Saturday 11:40 AM
- How to watch Crawford vs. Khan online Saturday 10:00 AM
- Beyoncé has 2 more projects coming to Netflix after ‘Homecoming’ Saturday 9:53 AM
- How to watch Danny Garcia vs. Adrian Granados for free Saturday 9:00 AM
- The ‘Feeling Cute Challenge’ turns ugly after correctional officers abuse it Saturday 7:30 AM
711 million emails leaked by spambot: Here’s how to check if you’re vulnerable
It’s time to change your password again.
Troy Hunt, head of “Have I Been Pwned” (HIBP), a site that’ll show you if your email or username has been exposed by a security breach, says it’s the “largest single set of data” he has ever added to the service. “Just for a sense of scale, that’s almost one address for every single man, woman, and child in all of Europe,” Hunt wrote in a blog post.
— Benkow moʞuƎq (@benkow_) August 29, 2017
The spambot, or program designed to harvest email addresses so it can send them spam, is dubbed “Onliner.” It was discovered thanks to a poorly configured web server that accidentally leaked its own mailing list.
“The sheer size of the breach is alone a cause for concern, let alone the damage it could cause further down the line,” Brian Laing, VP of products and business development at cybersecurity company Lastline, told the Daily Dot in an email. “This breach is an example of how hackers merge data from multiple sources, building dossiers on potential victims, including spear phishing targets. In this instance, the majority of the passwords in the latest security breach appear to have been collated from previous leaks, including the 2012 LinkedIn data breach.”
Because it uses leaked email addresses, the spambot can bypass spam filters and go right into someone’s main inbox, tricking them into opening a malicious attachment. According to Benkow, 80 million of the 711 million accounts are being used as senders to target the remaining 631 million. First, the hacker sends a “fingerprinting email,” which contains a hidden pixel-sized image. When opened, the email transmits device information back to the hacker who targets Windows machines (iPhone, Mac, and Android users are safe) with a follow-up email containing malware.
The emails have been disguised as invoices from government agencies, hotel reservation details, and DHL shipping notifications. So far, more than 100,000 people have been infected around the world, Benkow told ZDNet. Those infected feel the force of Ursnif, a trojan malware that steals personal information, including usernames, passwords, and credit card info.
You can check if your email address has been breached using Hunt’s HIBP website (it probably has). Just load up the page and put your email addresses and usernames in the search bar, take a deep breath, and press “pwned?”
As long as you don’t reuse passwords and are careful about opening email attachments, you shouldn’t worry about getting your personal data stolen.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.