Spambot leaks more than 700m email addresses in massive data breach

https://www.theguardian.com/technology/2017/aug/30/spambot-leaks-700m-email-addresses-huge-data-breach-passwords

More than 700m email addresses, as well as a number of passwords, have leaked publicly thanks to a misconfigured spambot, in one of the largest data breaches ever.

The number of real humans’ contact details contained in the dump is likely to be lower, however, due to the number of fake, malformed and repeated email addresses contained in the dataset, according to data breach experts.

Troy Hunt, an Australian computer security expert who runs the Have I Been Pwned site, which notifies subscribers when their data ends up in breaches, wrote in a blog post: “The one I’m writing about today is 711m records, which makes it the largest single set of data I’ve ever loaded into HIBP. Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe.”

It contains almost twice as many records, once sanitised, as those contained in the River City Media breach from March, previously the largest breach from a spammer.

The data was available because the spammers failed to secure one of their servers, allowing any visitor to download many gigabytes of information without needing any credentials. It is impossible to know how many others besides the spammer who compiled the database have downloaded their own copies.

While there are more than 700m email addresses in the data, however, it appears many of them are not linked to real accounts. Some are incorrectly scraped from the public net, while others appear to have been simply guessed at by adding words such as “sales” in front of a standard domain to generate, for example, “sales@newspaper.com”.

There are also millions of passwords contained in the breach, apparently a result of the spammers collecting information in an attempt to break in to users’ email accounts and send spam under their names. But, Hunt says, the majority of the passwords appear to have been collated from previous leaks: one set mirrors the 164m stolen from LinkedIn in May 2016, while another set mirrors 4.2m of the ones stolen from Exploit.In, another pre-existing database of stolen passwords.

“Finding yourself in this data set unfortunately doesn’t give you much insight into where your email address was obtained from nor what you can actually do about it,” Hunt says. “I have no idea how this service got mine, but even for me with all the data I see doing what I do, there was still a moment where I went ‘ah, this helps explain all the spam I get’.”

The leak is not the only major breach announced today. Video games reseller CEX notified customers that an online security breach may have leaked as many as 2m accounts, including full names, addresses, email addresses and phone numbers. Card information was also contained in the breach “in a small number of instances”, but the newest financial data dates to 2009, meaning it has likely expired for those users.

“We take the protection of customer data extremely seriously and have always had a robust security programme in place which we continually reviewed and updated to meet the latest online threats,” the company said in a statement. “Clearly however, additional measures were required to prevent such a sophisticated breach occurring and we have therefore employed a cybersecurity specialist to review our processes. Together we have implemented additional advanced measures of security to prevent this from happening again.”

http://www.bbc.com/news/technology-41104449

Instagram has revealed that a flaw in its systems revealed “a number of” stars’ phone numbers and email addresses to cyber-attackers.

The Facebook-owned social network has emailed verified members, usually prominent figures, to let them know.

It said it believed “one or more” attackers had targeted high-profile stars to get their contact information.

Instagram said passwords had not been stolen but warned users to watch for suspicious activity on their accounts.

However, it did not say which accounts had been affected.

The security breach was made possible due to a bug in the company’s own software.

Its application programming interface (API) was at fault, it said – but added that the bug had since been fixed.

The company warned its verified users to “be extra vigilant” about unexpected phone calls, texts, and emails.

Instagram has more than 500 million users worldwide, some 300 million of which use it once a day.

———-

It's hacking season, and these are massive breaches. The Instagram one popped up yesterday as well.

“While there are more than 700m email addresses in the data, however, it appears many of them are not linked to real accounts. Some are incorrectly scraped from the public net, while others appear to have been simply guessed at by adding words such as ‘sales’ in front of a standard domain to generate, for example, ‘sales@newspaper.com’.”


~ by seeker401 on September 1, 2017.

2 Responses to “Spambot leaks more than 700m email addresses in massive data breach”

  1. State sponsored spambots ?
