18:30 GMT +3, 23 October 2017

    More Than 700 Million Passwords Exposed in Massive Spambot Data Breach


    In one of the largest data breaches in history, a misconfigured spambot computer program publicly leaked more than 700 million email addresses and passwords, though experts say that repeated or fake email addresses could reduce the number of real people impacted.

    Australian computer security expert Troy Hunt runs a website, Have I Been Pwned, that notifies people if their data has been leaked in breaches. Hunt wrote on his blog that 711 million records were leaked in this breach, "which makes it the largest single set of data I’ve ever loaded into HIBP. Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe." 

    Before this incident the largest breach Hunt encountered involved 393 million records.

    The database was exposed when the spammers neglected to secure one of their servers, allowing uncredentialed people to potentially download gigabytes of data. It isn’t clear how many people may have actually done so.

    Given that the data was already in the hands of spammers, the leak isn’t causing too much concern. Cyber security strategist Matthew Gardiner told NBC News, "While it's large in terms of numbers, it's not that risky. [Information] was already in the wrong hands and who knows what they or their associates have been doing with it already." 

    Hunt says that while millions of passwords were leaked in the breach, mostly due to spammers attempting to break into users’ emails to send spam through their accounts, many of them seemed to have been culled already from other breaches.

    One set of passwords resembles the 4.2 million that were stolen from the stolen password database Exploit.In in May, while another mirrors the 164 million stolen from networking site LinkedIn in May 2016.

    "Finding yourself in this data set unfortunately doesn’t give you much insight into where your email address was obtained from nor what you can actually do about it," Hunt wrote. "I have no idea how this service got mine, but even for me with all the data I see doing what I do, there was still a moment where I went 'ah, this helps explain all the spam I get.'"

    CEX, a video game reseller, also announced a leak today, notifying its customers of an online security breach that released up to 2 million accounts that include personal information like addresses, phone numbers, full names and email addresses.

    The company said in a statement, "We take the protection of customer data extremely seriously and have always had a robust security programme in place which we continually reviewed and updated to meet the latest online threats."

    "Clearly however, additional measures were required to prevent such a sophisticated breach occurring," the company conceded. "We have therefore employed a cybersecurity specialist to review our processes. Together we have implemented additional advanced measures of security to prevent this from happening again."
