The party is ON! Join us at TNW Conference 2021 in Amsterdam for face-to-face business!

The heart of tech

This article was published on August 30, 2017

    Over 700M email addresses were recently compromised. Was yours one of them?

    Over 700M email addresses were recently compromised. Was yours one of them?
    Rachel Kaser
    Story by

    Rachel Kaser

    Internet Culture Writer

    Rachel is a writer and former game critic from Central Texas. She enjoys gaming, writing mystery stories, streaming on Twitch, and horseback Rachel is a writer and former game critic from Central Texas. She enjoys gaming, writing mystery stories, streaming on Twitch, and horseback riding. Check her Twitter for curmudgeonly criticisms.

    Security researchers discovered a doozy of a spam list this week — over 711 million email addresses on it in total. That means it’s time to check your security again.

    A Paris-based researcher called Benkow uncovered the spambot, called “Onliner.” It uses a tiny, pixel-sized images hidden in spam emails to gather details about recipient’s computers. Security expert Troy Hunt says the list contains a “mind-boggling amount of data.”

    What makes Onliner particularly unpleasant is the massive amount of SMTP credentials used to circumvent spam filters. The credentials appear to be mostly scraped from other data leaks.

    While just having your email address in the data isn’t too worrying — all it means is that you have to be extra careful whose emails you open — there are also a number of compromised accounts on the list. This means that your account could be used to send the spam to more people. Hunt told ZDNet that the number of existing emails in use is slightly smaller than the total number of login credentials on the list, so there is that, I suppose.

    To see if you’ve been compromised, head over to Troy Hunt’s HaveIBeenPwned and enter your email address. It’s a good thing to do periodically anyway, just for safety’s sake, but I recommend doing it now just to be sure.

    Hunt says users who have strong passwords and two-factor authentication don’t need to worry too much, though.