A misconfigured spambot leaked more than 700 million email addresses and millions of passwords in a massive data breach. Considered to be one of the largest data breaches ever, the leak contains almost twice the records than those contained in the River City Media breach.
Since the spammers failed to secure one of its servers, almost 711 million records of email addresses were available to visitors for download without needing any credentials. However, the actual number of people affected could be lower due to fake, malformed, and repeated email addresses present in the database. Also, some of the email addresses are incorrectly scraped from the internet, while others could be the result of guesswork.
A blog post in “Have I Been Pwned” website by an Australian computer security expert Troy Hunt said, “The one I’m writing about today is 711m records, which makes it the largest single set of data I’ve ever loaded into HIBP. Just for a sense of scale, that’s almost one address for every single man, woman, and child in all of Europe.”
Millions of passwords are contained in the breach because the spammers reportedly tried to collect information that could be used to break into users’ email accounts and spread spam under their names. However, Hunt said that some passwords may be from previous breaches.
Hunt further added, “Finding yourself in this data set unfortunately doesn’t give you much insight into where your email address was obtained from nor what you can actually do about it. I have no idea how this service got mine, but even for me with all the data I see doing what I do, there was still a moment where I went ‘ah, this helps explain all the spam I get’.”