Onliner Spambot leaks 711 million email addresses

Wednesday, 6 September, 2017

A treasure trove of 711 million email addresses have been harvested by a spambot called ‘Onliner’, putting millions of people at risk of criminal activity.

It’s thought the attack originated in Holland. Law enforcement agencies were contacted as soon as the leak was discovered, but as of 6 September 2017 the software is still up and running.

The spambot hoovers up email addresses so it can then send spam out to them, while stealing passwords enables those behind the attack to hack into user’s accounts.

Troy Hunt, owner of the haveibeenpwned (HIBP) website, warned that the attack is the biggest ever on record for this kind of cyber violation.

HIBP is a website that allows internet users to check if their personal data has been compromised by breaches.

Onliner Spambot leaks 711 million email addresses

Troy Hunt explained that it took examining 110 data breaches over two years to accumulate 711m addresses and here, astonishingly, we have that number in one fell swoop.

Writing in his blog, Hunt said: “Last week I was contacted by someone alerting me to the presence of a spam list – a big one. I’ve loaded ‘big’ spam lists into HIBP before, the largest to date has been a mere 393m records.

“The one I’m writing about today is 711m, which makes it the largest single set of data ever loaded into HIBP. Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe.

“The unfortunate reality for all of us is our email addresses are a simple commodity that’s shared and traded with reckless abandon, used by unscrupulous parties to bombard us with everything from Viagra offers to promises of enormous overseas wealth (if only we make a small payment up front, of course).

That, unfortunately, is life on the web today.”

So what can you do now to make sure you’ve not been hit? Firstly, head over to https://haveibeenpwned.com/. Then, type in your email address and it will tell you if your email has been compromised. If so, it is strongly recommended that you immediately change your password.

It is recommended that you use a password manager and try as much as you can to create strong, unique passwords.

In fact, Hunt says: “Enable multi-step verification on everything you store online, this renders the credentials alone absolutely useless.”

MAIN IMAGE: Mike Mozart/Flickr

Tim Bamford author picture

By:

Tim is a veteran freelance journalist writing extensively on internet news and cybersecurity.

News What's the story?

Keep up with the latest developments in UK broadband.

United Nations warns of ‘digital welfare dystopia’

The UN has warned internet users of handing over their data to ‘big tech’ and accused companies of exploiting the poorest users.

United Nations warns of ‘digital welfare dystopia’United Nations warns of ‘digital welfare dystopia’ Read more

BT and O2 launch 5G in the same week!

BT and O2 are the latest networks to enter the bitter high street 5G battle.

Read more

UK Porn block for children has been scrapped.

The government’s controversial ‘porn blocker’ plan, mired in delays and problems, has been officially scrapped.

Read more

Gigaclear undertake costly fibre install UNDER River Severn to reach rural customers

The upstart ISP embarks on ambitious plan to ensure rural customers have access to full fibre broadband!

Read more

Help Learn with us

Make the most of the internet with our broadband library.

Minimum connection speeds for common online activities

Read more

How many companies provide full fibre broadband?

Read more