Onliner Spambot dump exposes 711 Million emails and passwords

The year 2017 has already seen some massive data breaches, such as Zomato and Lynda. At the same time, the Anti Public Combo List and the Exploit.in list, with millions of accounts, were already leaked online. But now, here’s another threat to unsuspecting users, revealed by Benkow, a security researcher based in France.

According to Benkow, he has got his hands on a spambot by the name of “Onliner Spambot” containing email addresses and clear-text passwords of 711 million users from around the world, one of the largest single sets of data. The database is hosted on a server in the Netherlands and is publicly available for anyone to access without any password protection.

The database has been used to send out spam and the Ursnif banking trojan to users since 2016. Ursnif steals banking information, including credit card data, from target computers. Here is an example of a malware-infected email sent by scammers using Ursnif.

The .doc file contains the trojan

“To send spam, the attacker needs a huge list of SMTP credentials. To do so, there are only two options: create it or buy it. And it’s the same as for the IPs: the more SMTP servers he can find, the more he can distribute the campaign,” Benkow said.

The database has been verified by Troy Hunt of HaveIbeenPwned (HIBP), who wrote a blog post explaining that 27 percent of the leaked accounts were already part of HIBP, predominantly from data breaches such as LinkedIn, Anti Combo list, MySpace, and Dropbox.

“It took HIBP 110 data breaches over a period of 2 and a half years to accumulate 711m addresses and here we go, in one fell swoop, with that many concentrated in a single location. It’s a mind-boggling amount of data,” said Hunt.

Here is a screenshot from the leaked data.

To check if your email is on file, go to HIBP and put the email address in the search bar for results. If you are a victim, it is advised to change your password and enable 2-Step Verification (also known as two-factor authentication), which adds an extra layer of security to your account.

Gaurav Banga, Founder and CEO of Balbix, told HackRead.com that “From an enterprise perspective, employees often use the same password for sensitive corporate applications and their personal social media accounts. As a result, information such as valuable login credentials can be exposed and compromised when a social platform provider gets hacked. Enterprises need a way to continuously monitor the risk of credential theft from password sharing between corporate trusted and unknown websites and apps.”

Salim Hafid, Product Manager at Bitglass, also commented on the issue and said that “At scale, phishing attacks that bypass spam filters and spoof legitimate sources are no doubt more effective than typical phishing strategies. These targeted attacks, where malware is delivered to millions of individuals, can spread at higher rates and yield more information.”

Remember:
Never open spam or unknown emails
Never click links or download attachments from such emails
Change your password regularly
If you are using the leaked email on other accounts, change their passwords as well
Keep an eye on any suspicious activity on your account
Check your banking transactions regularly and, in case of a suspicious transaction, contact your bank

In all probability, it may be just a matter of time before the database discussed above is accessed by cyber criminals. Therefore, follow the steps mentioned above and stay safe online.

For further technical details on the leak visit Benkow’s blog post here and Troy Hunt’s blog post here.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering the latest happenings in the cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.