The biggest ever data breach

Cyber criminals harvest millions of emails and passwords on an open server 711 million email addresses have become the subject of what's being called the biggest ever data breach

711 million email addresses have been leaked this week in what’s being called the biggest ever data breach. A security researcher known as Benkow found an open and accessible web server with over 700 million email addresses and millions of passwords, all publically available. The cybercriminals behind the server are believed to have been harvesting the data to send spam and banking malware through their spambot.

Troy Hunt, an online security whistle-blower, was then alerted of the breech to help others through his breach notification website Have I Been Pwned (HIBP). He said on his blog that it’s, “the largest single set of data I've ever loaded into HIBP. Just for a sense of scale, that's almost one address for every single man, woman and child in all of Europe.” 

As reported by the Guardian, the data does however contain some fake, duplicated and incorrectly scrapped email addresses so the number of real accounts is likely to be lower. Also, some datasets are copies of these from previous leaks, including the LinkedIn and Exploit.In leaks. Yet, close to home for Hunt, he found his own email address among the hundreds of millions sitting on the open server. 

ZDNet reported early on that the credentials would be used for a “large-scale malware operation.” Using the millions of accounts, the spambot called Onliner would be able to send scam emails through legitimate email servers that bypass spam filters.

Fortunately this spambot was uncovered before the potential of its colossal database was really put to use. However, it highlights an alarming trend; the size of these data breaches and sophistication of the campaigns behind them seem to be ever increasing. The recent global ransomware attack, affecting some of the world’s biggest public and private organizations is another example of the increasing size of these attacks. 

As we’ve previously reported, the effects of a data-breach on businesses are profound. 72 percent of businesses who have experienced a major data breach shut down within two years. For help on keeping your company’s data breach-free, take a look at our report or contact our team.