THE email addresses and passwords of 771 million people have been published online during a gigantic data leak.
Personal data collected by a “spambot” called Onliner has been dumped on a server thought to be located in the Netherlands.
This bot is designed to spread malware that steals banking details and infects people’s computers to pump out more viruses as well as vast amounts of spam — the name for the unwanted emails often sent by scammers.
Troy Hunt, who owns the website HaveIBeenPwned, said the leak was “the largest single set of data I’ve ever loaded into HIBP”.
His website offers an easy way of finding out if your details have been published in a data breach.
“Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe,” he said.
Mr Hunt said the incident is so severe that even he was caught up in it.
He added: “The first place to start is with an uncomfortable truth: my email address is in there. Twice.”
Anyone whose email address is on the list is likely to be hit by a barrage of spam. If your email address is on the list, your account could be taken over and turned into a spam factory or used to distribute dangerous malware.
The Onliner spambot is known to help the spread of the Ursnif banking trojan virus, which is designed to steal the login details of people’s online bank accounts.
“The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information,” the website HaveIBeenPwned wrote.
“In total, there were 711 million unique email addresses, many of which were also accompanied by corresponding passwords. A full write-up on what data was found is in the blog post titled Inside the Massive 711 Million Record Onliner Spambot Dump.”
Hunt said the existence of the server has been handed to Dutch police so they can shut it down.
Click here to find out if you’ve been caught up in the latest mega leak.