700 Million Email Accounts Hijacked by Spammers
More than 700 million email addresses and passwords have been leaked online. While many are bogus, enough appear to be genuine that security experts have advised users to change their email passwords.
The collection of account details does not appear to have been used for identity theft or other fraud. Instead, the collection has been marketed as a way to send spam messages.
The idea is that spammers can log in to the compromised accounts in order to send their unsolicited emails. This effectively flies under the spam radar, as most spam comes from IP addresses without any reputation. In this case, however, reputable email providers (such as Yahoo, AOL, Hotmail, etc.) would be used to send the unsolicited junk mail.
Accounts Used To Pass On Malware
The unsolicited junk email won't be used solely for sending advertising, however. It has also been used to send messages with bogus attachments that carry malware. (Source: zdnet.com)
Even before the mass email leak, it was bad news for anyone whose account was compromised. Having an account used in this way increases the chance that it will be added to spam and malware blacklists, making it harder for legitimate emails to get through.
The publication of the spam list makes things worse, however. It increases the risk that anyone could use the account details to access someone else's messages and steal confidential data, or find login information for other accounts.
Account Hijack is Biggest Ever
Researchers say that the 711 million addresses make this likely the biggest ever list of its type and that it seems to have been gathered together from multiple sources, including previous leaks. Some of the addresses appear not to be genuine and instead are made up of random words put together in the hope of stumbling on real addresses. However, researchers say the list contains enough genuine addresses, often with accompanying passwords, that it should cause concern. (Source: theguardian.com)
It's possible to check if an email address appears in any publicly leaked lists through independent sites such as https://haveibeenpwned.com/. If an address brings up hits on such sites, it may be worth changing email passwords on the associated sites and any other sites that you've used the same password on. That said, security experts recommend using unique, strong passwords on ALL sites to minimize risk.
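The follow-up after a hit on such a site can be scripted. The Python below is an added example, not part of the original article: it reads a constructed password-manager CSV export (the column names, sample accounts and function name are assumptions) and lists every login tied to a leaked address, plus any other login that reuses one of those passwords.

```python
import csv
import hashlib
import hmac
import io
import secrets

# Constructed sample: a password-manager CSV export (site, username, password).
SAMPLE_EXPORT = """site,username,password
linkedin.example,alice@example.com,Summer2017!
shop.example,alice@example.com,x9#Lq2vT!pR8
forum.example,alice.alt@example.net,Summer2017!
bank.example,alice.alt@example.net,c0rrect-h0rse-77
photos.example,alice@example.com,Summer2017!
"""

def rotation_list(export_csv, breached_addresses):
    """Return {site: reason} for every login whose password should be changed."""
    breached = {a.strip().lower() for a in breached_addresses}
    key = secrets.token_bytes(32)  # per-run key: compare digests, not plaintext

    def digest(password):
        return hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()

    rows = [(r["site"], r["username"].strip().lower(), digest(r["password"]))
            for r in csv.DictReader(io.StringIO(export_csv))]

    # Any password stored with a leaked address is treated as known to attackers.
    exposed = {d for _, user, d in rows if user in breached}

    result = {}
    for site, user, d in rows:
        if user in breached:
            result[site] = "address appears in a leak"
        elif d in exposed:
            result[site] = "reuses a password from a leaked account"
    return result

if __name__ == "__main__":
    # The breached address would come from the leak-check site; this one is constructed.
    for site, reason in rotation_list(SAMPLE_EXPORT, ["alice@example.com"]).items():
        print(f"{site}: {reason}")
```

The login on forum.example is flagged even though its address was never leaked, because it shares a password with a leaked account.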
What's Your Opinion?
Are you surprised that so many addresses appeared in one list? Were you aware that email accounts being hijacked for spam could be as big a problem as people trying to access messages? How do you balance security and practicality when it comes to your email security?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance, I can help.
Comments
Leaked accounts
I just went to https://haveibeenpwned.com/ and checked my main email address and was surprised it reported two leaks on two different sites - LinkedIn and Elance, both of which I used in the past. That said: I have always used unique, strong passwords on every site (thanks to Roboform!) - as such, this data leak would not have caused any further damage to my accounts on other sites. Good to know!
Interesting pwnage results
Ironically, my official (full local-government domain name) work address does not show any hits in the haveibeenpwned data, but two shorter aliases do. Fortunately, the passwords on these are changed regularly.
Even more ironically, of the various personal accounts I use, the only one NOT showing any hits is the "junk" one! And the one with the greatest exposure (4 hits versus 2) gets the least amount of spam/phish.