A malware researcher has discovered a spamming operation with access to more than 7.1 million email addresses, said to be the ‘biggest of its kind’
Email addresses have been gathered by a huge spamming operation with the intention of sending spam, as a malware researcher found out this week.
In order to accumulate this amount of addresses, it is believed that 110 data breaches took place over a 2-year period.
Users can check if their emails are included at this website, Have I Been Pwned.
The operation, called Onliner, was first pointed out by a Paris-based malware researcher known as Benkow.
Hacked users can be divided into two camps.
In situations where only the email address is known to the hackers, the user will receive spam emails in the hope they will hand over more personal information.
In cases where the login details of the user are known hackers can take over their account in secret to aid their operations and send spam under their name.
Video game retailer CEX also suffered a hack recently, with hackers leaking customer’s personal details from over 2 million accounts.
The former head of the Spamhaus project Richard Cox said:
“The lists of compromised accounts are more worrying.”
“When compromised accounts are used for spam, they can only be stopped by their providers suspending the account – but when that many are involved, it will severely overload the security/abuse departments of those providers, making it a slow process and that is what keeps the spam flowing.”
Protecting your information
Experts are advising that the best way to deal with your information being stolen is to change it.
Users are advised to change their password or even close their account if their address is found on Have I Been Pwned.
The server is believed to be based in the Netherlands and efforts are being made to have relevant authorities shut it down.
A blog post by Have I Been Pwned operator Troy Hunt offers advice on how to spot an email that may contain harmful malware.
While the sheer number of addresses is concerning, Hunt advises that many will be not ‘well formed’ and picked up indiscriminately, meaning less ‘actual humans’ will be affected than the number indicates.