Onliner Spambot leaks 711 million email addresses

Wednesday, 6 September, 2017

A treasure trove of 711 million email addresses have been harvested by a spambot called ‘Onliner’, putting millions of people at risk of criminal activity.

It’s thought the attack originated in Holland. Law enforcement agencies were contacted as soon as the leak was discovered, but as of 6 September 2017 the software is still up and running.

The spambot hoovers up email addresses so it can then send spam out to them, while stealing passwords enables those behind the attack to hack into user’s accounts.

Troy Hunt, owner of the haveibeenpwned (HIBP) website, warned that the attack is the biggest ever on record for this kind of cyber violation.

HIBP is a website that allows internet users to check if their personal data has been compromised by breaches.

Onliner Spambot leaks 711 million email addresses

Troy Hunt explained that it took examining 110 data breaches over two years to accumulate 711m addresses and here, astonishingly, we have that number in one fell swoop.

Writing in his blog, Hunt said: “Last week I was contacted by someone alerting me to the presence of a spam list – a big one. I’ve loaded ‘big’ spam lists into HIBP before, the largest to date has been a mere 393m records.

“The one I’m writing about today is 711m, which makes it the largest single set of data ever loaded into HIBP. Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe.

“The unfortunate reality for all of us is our email addresses are a simple commodity that’s shared and traded with reckless abandon, used by unscrupulous parties to bombard us with everything from Viagra offers to promises of enormous overseas wealth (if only we make a small payment up front, of course).

That, unfortunately, is life on the web today.”

So what can you do now to make sure you’ve not been hit? Firstly, head over to Then, type in your email address and it will tell you if your email has been compromised. If so, it is strongly recommended that you immediately change your password.

It is recommended that you use a password manager and try as much as you can to create strong, unique passwords.

In fact, Hunt says: “Enable multi-step verification on everything you store online, this renders the credentials alone absolutely useless.”

MAIN IMAGE: Mike Mozart/Flickr

Tim Bamford author picture


Tim is a veteran freelance journalist writing extensively on internet news and cybersecurity.

News What's the story?

Keep up with the latest developments in UK broadband.

Brits spend up to 4.9 hours surfing the web at work!

Over half describe themselves as “faffers”, wasting hours online during work.

Brits spend up to 4.9 hours surfing the web at work!Brits spend up to 4.9 hours surfing the web at work! Read more

Scottish government to pay for residents’ superfast broadband.

Missed fibre rollout target sees vouchers offered to connect everyone.

Read more

Beware of this Firefox security flaw!

Mozilla has found a severe flaw in Firefox that could allow hackers to control your computer.

Read more

Twitter controversy as ‘reply block’ announced.

Read more

Help Learn with us

Make the most of the internet with our broadband library.

What are the differences between HD, UHD, 4K and 8K?

What are the differences between HD, UHD, 4K and 8K?What are the differences between HD, UHD, 4K and 8K? Read more

How far can augmented reality take us?

Read more

Keeping the Internet of Things secure

Read more

The best broadband routers for 2020

Read more