'Open and accessible' spambot server leaks 711 million records

Many duplicates in River City-rivalling data spill

A spambot operation has leaked 711 million email addresses in a massive data breach.

A Paris-based security researcher, who goes by the pseudonymous handle Benkow, discovered an open and accessible web server hosted in the Netherlands. The "open and accessible" system stored dozens of text files containing a huge batch of email addresses, some passwords and a list of email servers used to send junk mail.

Many of the addresses are repeated, defunct or otherwise unusable, according to an initial analysis by Troy Hunt, the security researcher behind the haveibeenpwned.com breach notification service. However a number of the records come with passwords, credentials spammers abuse in the furtherance of junk mail distribution.

The latest leak rivals the River City Media spill from March as the largest-ever breach involving a bulk mailer. Both spills leaked a witch's brew of merged data from multiple sources, including the 2012 LinkedIn data breach among many others.

Jim Walter, senior research scientist at Cylance, said: "This is an important reminder of one aspect of the data-breach lifecycle. The threats outlined are not new or novel, nor is the credential harvesting/storage methodology. Data breaches don't end after the public disclosure. Leaked/breached data can continue to live on and be used, reused, sold, resold, etc."

James Romer, EMEA chief security architect at multi-factor authentication firm SecureAuth, added: "This latest Spambot leak highlights the fact that passwords are the root cause of many serious security problems for organisations today. 700 million passwords and email addresses is a treasure trove for cybercriminals, but despite increasingly complex password use, data breaches continue to soar." ®


Biting the hand that feeds IT © 1998–2017