More than 711 million email accounts have been exposed as part of a major spamming and malware operation, security researchers are warning.
As ZDNet reports, a researcher who goes by the handle Benkow recently discovered the credentials — including email addresses and associated passwords — on a spambot server hosted in the Netherlands. The spambot, called "Onliner," has been in use since 2016 to spread a banking Trojan called Ursnif, Benkow writes in a blog post.
Also included in the breach are about 80 million simple mail transfer protocol (SMTP) accounts, which "give the spammer a nice range of mail servers to send their messages from," according to security researcher Troy Hunt, who runs the breach notification site Have I Been Pwned, and has been working with Benkow to get the word out about the leak.
As ZDNet explains, those credentials allow the perpetrators to "send what appears to be legitimate email," bypassing spam filters.
Processing the largest list of data ever seen in @haveibeenpwned courtesy of a nasty spambot. I'm in there, you probably are too.
— Troy Hunt (@troyhunt) August 28, 2017