Spambot Compromises Over 700 Million Email Accounts: You Should Probably Change Your Password Right Now
Users around the world should probably change passwords right now, as a spambot was discovered to have compromised over 700 million email accounts.
This is probably the biggest spambot dump that the world has ever seen, further pushing the issue of cybersecurity into the spotlight for the tech industry.
Spambot Leaks Over 700 Million Email Accounts
A spambot dubbed Onliner was discovered by a Paris-based security researcher, known only as Benkow, to have ensnared 711 million email accounts.
Benkow came across an open and accessible Netherlands-hosted web server that hosts dozens of text files that contain a massive number of email addresses, their passwords, and email servers. Spammers utilize these credentials to bypass the spam filters of email services.
The spam that is being distributed by Onliner, in addition, is nowhere near harmless. The spambot is used to spread a banking malware known as Ursnif to the inboxes of users all over the world. According to Benkow, Onliner has led to over 100,000 unique infections of Ursnif, which steals data such as login credentials and credit card information.
In a blog post by Benkow further detailing the spambot, he noted that the emails that it sends appear nothing out of the ordinary. However, they contain a pixel-sized image that is hidden from the naked eye. Once the e-mail is open, the image sends back the user's IP address and information that signal which targets should be attacked. The attacker then sends out another batch of emails that contain Ursnif to the identified victims.
How To Check If You Are Affected By Onliner Spambot Leak
According to Australian cybersecurity expert Troy Hunt, the operator of the website Have I Been Pwned, the set of compromised email accounts from Onliner is the biggest one that he had ever loaded into HIBP.
It should be noted that, of the 711 million email accounts, not all of them are linked to accounts held by real people. In addition, some of the information was scraped from previously reported leaks. However, this does not mean that users should take the spambot leak lightly.
To check if your email account is among the ones compromised by the Onliner spambot, you can access the Have I Been Pwned website and type in your email address. Hunt himself found his email account among the ones snared by Onliner, so do not be surprised if yours also appears to have been compromised.
Users who receive confirmation that their email address was compromised should change their password as soon as they find out.