Home » News » Onliner Spambot leaks 711 million email addresses

Onliner Spambot leaks 711 million email addresses

Wednesday, 6 September, 2017

A treasure trove of 711 million email addresses have been harvested by a spambot called ‘Onliner’, putting millions of people at risk of criminal activity.

It’s thought the attack originated in Holland. Law enforcement agencies were contacted as soon as the leak was discovered, but as of 6 September 2017 the software is still up and running.

The spambot hoovers up email addresses so it can then send spam out to them, while stealing passwords enables those behind the attack to hack into user’s accounts.

Troy Hunt, owner of the haveibeenpwned (HIBP) website, warned that the attack is the biggest ever on record for this kind of cyber violation.

HIBP is a website that allows internet users to check if their personal data has been compromised by breaches.

Onliner Spambot leaks 711 million email addresses

Troy Hunt explained that it took examining 110 data breaches over two years to accumulate 711m addresses and here, astonishingly, we have that number in one fell swoop.

Writing in his blog, Hunt said: “Last week I was contacted by someone alerting me to the presence of a spam list – a big one. I’ve loaded ‘big’ spam lists into HIBP before, the largest to date has been a mere 393m records.

“The one I’m writing about today is 711m, which makes it the largest single set of data ever loaded into HIBP. Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe.

“The unfortunate reality for all of us is our email addresses are a simple commodity that’s shared and traded with reckless abandon, used by unscrupulous parties to bombard us with everything from Viagra offers to promises of enormous overseas wealth (if only we make a small payment up front, of course).

That, unfortunately, is life on the web today.”

So what can you do now to make sure you’ve not been hit? Firstly, head over to https://haveibeenpwned.com/. Then, type in your email address and it will tell you if your email has been compromised. If so, it is strongly recommended that you immediately change your password.

It is recommended that you use a password manager and try as much as you can to create strong, unique passwords.

In fact, Hunt says: “Enable multi-step verification on everything you store online, this renders the credentials alone absolutely useless.”

MAIN IMAGE: Mike Mozart/Flickr

Tim Bamford author picture


Tim is a veteran freelance journalist writing extensively on internet news and cybersecurity.

News What's the story?

Keep up with the latest developments in UK broadband.

The biggest malware threats of 2020…so far

It’s been a year few of us will forget in a hurry. As the end of June approaches, we review the biggest malware threats of 2020 so far

The biggest malware threats of 2020…so farThe biggest malware threats of 2020…so far Read more

Instagram could become the main news source for young people.

Reuters finds changes in the way younger users consume the news.

Read more

BT launches second line service

BT launches second broadband home line service for the new crop of home workers.

Read more

Best broadband areas for online gaming in the UK.

Read more

Help Learn with us

Make the most of the internet with our broadband library.

A guide to Big Tech alternatives.

It seems like we’re reliant on a small group of companies, are there alternatives?

A guide to Big Tech alternatives.A guide to Big Tech alternatives. Read more

Quick tips for boosting home broadband speed

Boosting speed can transform activities like streaming, gaming and accessing cloud storage

Read more

What’s the difference between hardware, firmware and software?

The differences are confusing if you’re not technically minded, but there's less crossover than you might expect

Read more