The Internet doesn’t come with a safety harness. If you are using online commerce (which is nearly everyone), there is always some risk of a security breach–and even identity theft. Now, security researchers have discovered an enormous spam list–containing over 710 million email addresses.
Uncovered by Benkow, a Paris-based security researcher, this is the largest single spam list to be loaded into Have I Been Pwned (HIBP). The data set comprises two different lists. One of them only has email addresses–that’s annoying, but not much else. The second one is right from our nightmares–having both addresses and passwords. Clearly, the second list represents a major security threat.
A computer security researcher, Troy Hunt, obtained the list of compromised email addresses from Benkow and uploaded it to his website. For a sense of scale, the largest data set that Hunt previously published contained “just” 393 million addresses. Clearly, the current list is nearly double in size.
It turns out, all this data was harvested by a tool called “Onliner Spambot”. Hunt and Benkow were able to trace Onliner Spambot to an IP address in the Netherlands. While Dutch law enforcement was notified to shut down the spambot. Authorities have taken no action so far. And there is no guarantee the actual source is in the Netherlands. So, it is up to you to keep your email addresses (and passwords) secure.
Where can you start? Go to HaveIBeenPwned.com and check if your email address is on the list. If so, change your password immediately. If you have used the same email address to sign up for some websites, then consider changing your password for all of them.
It’s not much different than if you lost a house key or a credit card. It may be inconvenient to do, but it can prevent security breaches and identity theft .