Home » News » Onliner Spambot leaks 711 million email addresses

Onliner Spambot leaks 711 million email addresses

Wednesday, 6 September, 2017

A treasure trove of 711 million email addresses have been harvested by a spambot called ‘Onliner’, putting millions of people at risk of criminal activity.

It’s thought the attack originated in Holland. Law enforcement agencies were contacted as soon as the leak was discovered, but as of 6 September 2017 the software is still up and running.

The spambot hoovers up email addresses so it can then send spam out to them, while stealing passwords enables those behind the attack to hack into user’s accounts.

Troy Hunt, owner of the haveibeenpwned (HIBP) website, warned that the attack is the biggest ever on record for this kind of cyber violation.

HIBP is a website that allows internet users to check if their personal data has been compromised by breaches.

Onliner Spambot leaks 711 million email addresses

Troy Hunt explained that it took examining 110 data breaches over two years to accumulate 711m addresses and here, astonishingly, we have that number in one fell swoop.

Writing in his blog, Hunt said: “Last week I was contacted by someone alerting me to the presence of a spam list – a big one. I’ve loaded ‘big’ spam lists into HIBP before, the largest to date has been a mere 393m records.

“The one I’m writing about today is 711m, which makes it the largest single set of data ever loaded into HIBP. Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe.

“The unfortunate reality for all of us is our email addresses are a simple commodity that’s shared and traded with reckless abandon, used by unscrupulous parties to bombard us with everything from Viagra offers to promises of enormous overseas wealth (if only we make a small payment up front, of course).

That, unfortunately, is life on the web today.”

So what can you do now to make sure you’ve not been hit? Firstly, head over to https://haveibeenpwned.com/. Then, type in your email address and it will tell you if your email has been compromised. If so, it is strongly recommended that you immediately change your password.

It is recommended that you use a password manager and try as much as you can to create strong, unique passwords.

In fact, Hunt says: “Enable multi-step verification on everything you store online, this renders the credentials alone absolutely useless.”

MAIN IMAGE: Mike Mozart/Flickr

Tim Bamford author picture


Tim is a veteran freelance journalist writing extensively on internet news and cybersecurity.

News What's the story?

Keep up with the latest developments in UK broadband.

UK ISPs remove data caps during pandemic

The UK’s biggest broadband providers have agreed not to limit internet allowances during the current crisis.

UK ISPs remove data caps during pandemicUK ISPs remove data caps during pandemic Read more

The rise and rise of Chinese tech firms

Read more

The new homes with 1GB broadband connections

Why a new build offers your best chance for full-fibre speeds

Read more

What are ISPs and internet services doing to help during the Coronavirus crisis?

Read more

Help Learn with us

Make the most of the internet with our broadband library.

Can you access the Dark Web without the Tor browser?

Can you access the Dark Web without the Tor browser?Can you access the Dark Web without the Tor browser? Read more

The best music streaming services

Read more

How mesh WiFi can improve home broadband

Read more