Samedi, 16 Février 2019
Dernières nouvelles
Principale » Fautly spambot leaks 711 million email addresses

Fautly spambot leaks 711 million email addresses

31 Août 2017

In what could be one of the largest data breaches ever, a misconfigured spambot has inadvertently revealed it contains 711 million email addresses as well as a number of passwords.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

An unknown hacker has gathered up to 711 million email accounts stored on an "open and accessible" server in the Netherlands, ZDNet reports.

Benkow, who also wrote up his findings in a blog post, has spent months digging into the Ursnif malware, a data-stealing trojan used to grab personal information such as login details, passwords, and credit card data, researchers have said. Ursnif, in turn, steals banking credentials and is able to download further malware on an infected computer.

Damn. In the meantime, Hunt has announced that Have I Been Pwned has now incorporated the email addresses listed on the vulnerable server on its search database.

Troy Hunt, who runs the security alert site HaveIBeenPwned, described the breach as the largest he's ever loaded into his security database, and that it's "almost one address for every single man, woman and child in all of Europe".

"The data in the dump has a bunch of junk prefixed to the address, junk which appears to be an HTML file name and may indicate the "address" was scraped off the web and the parsing simply wasn't done very well". If you are using any of the email address leaked in past leaks, change your password now.

Oil prices fall as refinery production dips in US
Motiva Enterprises said it will reduce the capacity at its Port Arthur refinery in Texas, the largest in the country, by 60%. USA gasoline prices surged to two-year highs on Monday at $1.7799 per gallon.

Hunt also points out that not every compromised credential is new, with millions corresponding to compromised credentials already listed on his website, indicating how this data is continually redistributed once it is in the public domain.

Benkow found a total of 80 million sets of email addresses, passwords, and SMTP configuration records in the directory.

The emails sent appeared to include an nearly invisible 1x1 pixel GIF. The accounts that don't work are ignored.

It is hard to know how this list was curated but it contains emails leaked in previous data breaches.The list contains email address scrapped from different other data breaches, such as LinkedIn, MySpace and Dropbox. When the email is open, the pixel image sends back the IP address and user-agent information, used to identify the type of computer, operating system, and other device information. Yet another reminder not to open spam.

Benkow highlighted the importance of spambots as a key element in cyber attacks.

Benkow said that narrowing down of would-be victims is key to ensuring the success of the malware campaign. If you're looking to confirm whether or not your email ID credentials have been leaked to, visit the website.

Fautly spambot leaks 711 million email addresses