More than 600 million e-mail addresses were placed on a spam bot server that anyone can access


A French security researcher discovered that a database containing a huge amount of mail address, password, and SMTP authentication information exists on the spam bot server installed in the Netherlands. More than 711 million data are accessible to anyone, once642 million account information leakedSecurity researcher Troy Hunt, who noticed the occurrence of the incident, commented, "It's an unexpected amount of data."

Benkow_: From Onliner Spambot to millions of email's lists and credentials

Troy Hunt: Inside the Massive 711 Million Record Onliner Spambot Dump

Over 711 Million Email Addresses Exposed From SpamBot Server

This database was discovered by security researcher benkow (@ Benkow_), And the spam bot server I found is named "Onliner Spambot".

According to Mr. benkow, no restrictions are imposed on the database, anyone can use it without inputting a password, and since 2016 "Ursnif ( Earth niff) "is also spreading by spam sent using this" Onliner Spambot ".

SMTP authentication information is required for spam transmission, and it is considered that "Onliner Spambot" is useful because there are two choices "to make by yourself" or "to buy from someone" for obtaining.

Of the data of more than 711 million cases, there are 630 million e-mail addresses and about 80 million SMTP authentication information.

"Have I been pwned? (HIBP)" that if you search by your email address or ID name you will be hacked to see if it was in the past runoff listSecurity expert Troy Hunt is in contact with a law enforcement agency to contact the benkow and stop the server as soon as possible.

However, according to Mr. Hunt, while the mail address in the database contains the collected mails, there are many email addresses that do not originally exist, so it seems that the damage is not as great as the numbers on the surface.

In HIBP, it is already possible to search for 711 million data.

in Security, Posted by logc_nt