More than 711 million email records have recently been released in one of the biggest data breaches of all time. The spammer is reportedly using verified email servers to bypass spam filters.
Security researcher Troy Hunt has described in a blog post the number of server login credentials stolen is equivalent to "almost one address for every single man, woman and child in all of Europe". Hunt runs the data breach notifier platform Have I Been Pwned.
To know if you have been affected by the data breach, check it on the HIBP site.
Also read: A Canadian university loses US$9m in new phishing scam
Hunt has noted that the leak may be massive in number, but some of the leaked credentials have been repeated. A security researcher who goes by the name Benkow first discovered the data in a public and unsecured server hosted in the Netherlands.
Benkow has stressed the spambot used in this breach was also used to spread the Ursnif malware, which steals banking data, among other abilities. He has speculated that the spambot roots back to a Facebook phishing campaign.
"It's difficult to know where those lists of credentials came from. One part (~2 million) seems to come from a Facebook phishing campaign, those I have tested seems to be working and were not on HIBP," writes Benkow in a blog post.
Hunt, on the other hand, believes that some of the credentials came from LinkedIn data breach and other hacks.
Ross Brewer, LogRhythm vice president, has informed IBTimes UK that it has become "easy" for people to fall into the hands of cyber criminals.
"What's scary about the spambot leak is that this data has been scraped and scavenged from older data breaches," says Brewer. "It's becoming increasingly easy for individuals' data to fall into the wrong hands, which means hackers no longer need to implement sophisticated attacks. The reality is that, because of these regular data dumps, no one's data is safe."
Both Hunt and Benkow have informed the Dutch law enforcement through a "trusted source" regarding the issue to cut off the spambot's IP address.