Spambot leaks more than 700m email addresses
AUSTRALIA - More than 700m email addresses, as well as a number of passwords, have leaked publicly thanks to a misconfigured spambot, in one of the largest data breaches ever.
The number of real humans’ contact details contained in the dump is likely to be lower, however, due to the number of fake, malformed and repeated email addresses contained in the dataset, according to data breach experts. Troy Hunt, an Australian computer security expert who runs the Have I Been Pwned site, which notifies subscribers when their data ends up in breaches, wrote in a blog post: “The one I’m writing about today is 711m records, which makes it the largest single set of data I’ve ever loaded into HIBP. Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe.” It contains almost twice the records, once sanitised, than those contained in the River City Media breach from March, previously the largest breach from a spammer.
The data was available because the spammers failed to secure one of their servers, allowing any visitor to download many gigabytes of information without needing any credentials. It is impossible to know how many others besides the spammer who compiled the database have downloaded their own copies.
While there are more than 700m email addresses in the data, however, it appears many of them are not linked to real accounts. Some are incorrectly scraped from the public net, while others appear to have been simply guessed at by adding words such as “sales” in front of a standard domain to generate, for example, “sales@newspaper.com”.
(Theguardian.com)