Skip to main content

711 Million Email Addresses Exposed: How to Protect Yourself

Typically, your spam folder catches a lot of the malware-infected crud sent by the mischievous ne'er-do-wells from the darker corners of the internet. Unfortunately, a newly discovered attack has targeted more than 711 million email accounts.

Fortunately, only some -- not all -- of the targets' passwords have been taken.

Credit: OLEH SLEPCHENKO/Shutterstock

(Image credit: OLEH SLEPCHENKO/Shutterstock)

The Onliner spambot, first discovered by a Paris-based security researcher who goes by the Benkow pseudonym, was confirmed by well-regarded security expert Troy Hunt in an August 30 blog post. Hunt -- a Microsoft Regional Director who runs the breach-tracking website Have I Been Pwned -- referred to a data dump from Onliner as "a mind-boggling amount of data," in which he even found his own email address.

How does Onliner do it?

According to a ZDNet report, the hooligans behind the spambot compiled a massive database of 80 million email credentials from a number of other breaches, such as the LinkedIn hack. These logins were then used to spam 630 million email addresses, whose spam filters they jumped right over.

What can you do?

First, check Have I Been Pwned to see if your email account information is in the hack, Onliner may not have much of your information beyond your address. Onliner worked by sending two rounds of emails, as only a fraction of the 711 million targets could actually be infected by its malware.

If Have I Been Pwned says your email address appeared in the Onliner dump, there are three steps you need to take immediately. The first is changing the password to your email account. Second, make sure you're not using that password in any other online accounts -- especially those for banking. Lastly, enable two-factor authentication, so your email address and password alone aren't enough for your account to be cracked.

MORE: Best Mobile Password Managers

The spambot campaign whittled its target list down by placing a difficult-to-see, pixel-sized image in its initial emails, which contained code to send a user's IP address and system information back to HQ. If the pixel detected its recipient was a Windows PC (Androids, iOS devices and Macs are protected), it would tell the server to send more-targeted emails -- which looked like invoices -- to the addresses it identified as vulnerable.

Now's a good time to look into a password manager, which can help you create strong, hard-to-guess passwords. And of course, do your best to avoid opening suspicious-looking emails, especially those that look like invoices for services you don't pay for.

The secondary wave of emails is smaller for the sake of obscurity, since larger attacks are more likely to draw the attention of law enforcement and security experts. The infectious emails contain a JavaScript file that does all the dirty work, pwning your machine.

  • JoshRoss
    Some of my old emails have been compromised. The good news about potential password leaks is that every year I go through a brand new iteration of passwords. Thanks for sharing!
    Reply
  • stevendbritten
    Ironically, when I click on the link for haveibeenpwned.com I get:

    "This site can’t provide a secure connection

    haveibeenpwned.com uses an unsupported protocol.
    ERR_SSL_VERSION_OR_CIPHER_MISMATCH

    The client and server don't support a common SSL protocol version or cipher suite. This is likely to be caused when the server needs RC4, which is no longer considered secure."

    Huh???
    Reply
  • henrytcasey
    20124463 said:
    Ironically, when I click on the link for haveibeenpwned.com I get:

    "This site can’t provide a secure connection

    haveibeenpwned.com uses an unsupported protocol.
    ERR_SSL_VERSION_OR_CIPHER_MISMATCH

    The client and server don't support a common SSL protocol version or cipher suite. This is likely to be caused when the server needs RC4, which is no longer considered secure."

    Huh???

    Hm, maybe your browser's settings have something off for HTTPS? when I opened haveibeenpwned.com/ on my end (Chrome) it loaded properly and automatically added that HTTPS prefix.
    Reply
  • aquielisunari
    20124003 said:
    A spambot built on data from previous data breaches has targeted more than 711 million email addresses. Here's how to stay safe.

    711 Million Email Addresses Exposed: How to Protect Yourself : Read more

    20124479 said:
    20124463 said:
    Ironically, when I click on the link for haveibeenpwned.com I get:

    "This site can’t provide a secure connection

    haveibeenpwned.com uses an unsupported protocol.
    ERR_SSL_VERSION_OR_CIPHER_MISMATCH

    The client and server don't support a common SSL protocol version or cipher suite. This is likely to be caused when the server needs RC4, which is no longer considered secure."

    Huh???

    Hm, maybe your browser's settings have something off for HTTPS? when I opened haveibeenpwned.com/ on my end (Chrome) it loaded properly and automatically added that HTTPS prefix.

    Change your passwords on a weekly/bi-weekly basis. There are apps that can do that for you but staying local is more secure. Don't forget you bank. I have 19 sites that need a password. It's a waste of time changing my security information that often. If that's too often then it's you that is choosing to get hacked.

    There are anti-keylogging programs that can help avoid closer hack attacks.

    An IVPN can help. While something like CyberGhost free can help paid services are usually more secure than free services. Security programs like AVG have integrated VPN trials which you can then upgrade.

    Use disposable eMail account names whenever possible.

    If your network is hardwired you can disable your Wi-Fi radios.

    Password1234 is still being used :pfff:
    Reply