[BreachExchange] Onliner Spambot dump exposes 711 Million email and passwords

Destry Winant destry at riskbasedsecurity.com
Thu Aug 31 08:29:22 EDT 2017


https://www.hackread.com/onliner-spambot-exposed-711-million-email-passwords/

The year 2017 has already seen some massive data breaches, such as Zomato
and Lynda. In the same period, the Anti Public Combo List and Exploit.in
list, with millions of accounts, were leaked online. Now there is another
threat to unsuspecting users, revealed by Benkow, a security researcher
based in France.

According to Benkow, he has got his hands on a spambot named “Onliner
Spambot” containing the email addresses and clear-text passwords of 711
million users from around the world, one of the largest single sets of
data. The database is hosted on a server in the Netherlands and is publicly
available for anyone to access without any password protection.

The database has been used to send spam and the Ursnif banking trojan to
users since 2016. Ursnif steals banking information, including credit card
data, from target computers. Here is an example of a malware-infected email
sent by scammers using Ursnif.

“To send spam, the attacker needs a huge list of SMTP credentials. To do
so, there are only two options: create it or buy it. And it’s the same as
for the IPs: the more SMTP servers he can find, the more he can distribute
the campaign,” Benkow said.

The database has been verified by Troy Hunt of HaveIbeenPwned (HIBP), who
wrote a blog post explaining that 27 percent of the leaked accounts were
already part of HIBP, predominantly from data breaches such as LinkedIn,
Anti Combo list, MySpace, and Dropbox.

“It took HIBP 110 data breaches over a period of 2 and a half years to
accumulate 711m addresses and here we go, in one fell swoop, with that many
concentrated in a single location. It’s a mind-boggling amount of data,”
said Hunt.

A screenshot from the leaked data is available here:
<https://www.hackread.com/wp-content/uploads/2017/08/onliner-spambot-exposed-711-million-email-passwords-3-768x550.png>

To check if your email is on file, go to HIBP and enter the email address
in the search bar. If you are a victim, it is advised to change your
password and enable 2-Step Verification (also known as two-factor
authentication), which adds an extra layer of security to your account.

Remember:
Never open spam or unknown emails
Never click links or download attachments from such emails
Change your password regularly
If you are using the leaked email on other accounts, change their
  passwords as well
Keep an eye on any suspicious activity on your account
Check your banking transactions regularly and, in case of a suspicious
  transaction, contact your bank

In all probability, it is just a matter of time before the database
discussed above is accessed by cyber criminals. Therefore, follow the steps
mentioned above and stay safe online.