One of the largest email address data dumps has been found on a server in the Netherlands, operating as a spam bot to distribute malware to unsuspecting users aimed squarely at stealing financial information
Security researcher Benkow uncovered the server and its trove of data which contains 711 million email addresses, passwords, and email servers used to send spam. It appears the breach is a collection of data obtained in previous breaches such as Dropbox (2012) and LinkedIn (2012).
Analysis by security specialist Troy Hunt suggests "there's 12.5m rows [of Australian email addresses] in there which would mean roughly one per every 2 people in the country." That is a staggering number of Australian accounts at risk!
In addition to business and users needing to be hyper vigilant on spam in the coming weeks and months this latest data breach serves as a strong reminder for users to:
- Use complex passwords
- Not use the same password on every site
- Check your email address(s) on Have I been Owned regularly
- Reset any account passwords (and change email addresses) which appear on the Have I been Owned site
- Use a password manager which can generate and store complex passwords e.g. Lastpass, Dashlane or 1Password.
Our most recent thought leadership addresses the many cyber risks Mid Sized Business needs to address, download it here or reach out for a chat.
The spambot, dubbed "Onliner," is used to deliver the Ursnif banking malware into inboxes all over the world. To date, it's resulted in more than 100,000 unique infections across the world