Most of us have attempted to beef up our online security following large-scale attacks such as WannaCry in recent months.
However, chances are your online data has already been breached.
According to the compromised-email checking tool Have I Been Pwned (HIBP), billions of email addresses, passwords and other online data have been hacked and scraped in large cyber-attacks on huge sites such as Yahoo!, MySpace and LinkedIn over the years.
However, a recent dump of email addresses and passwords, uncovered by HIBP founder Troy Hunt, puts past leaks to shame.
Largest spam list of all time discovered online
Writing on his personal blog, Microsoft Regional Director and security expert Hunt announced that he had been alerted to a huge spam list containing a total of 711 million email addresses. Many of these records also contained passwords to the listed accounts.
According to Hunt, this is the largest data list that he has come across while working on the HIBP project to date:
Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe.
The spam list contains two sets of data. One contains just email addresses. This is believed to be used by spammers to deliver spam emails to as many people as possible.
According to Hunt, many of these email addresses were also included in previous leaks.
Likewise, many appear to have been poorly scraped from publicly available sources online.
While annoying, the odd email from a rich uncle who wants to send you $100b isn’t much to worry about. However, those on the second list have a bigger problem.
The second set is a list of email addresses and passwords.
These accounts are breached by spam bots in order to deliver spam emails from seemingly trustworthy addresses. Likewise, with the list now available online, this information can be used by other criminals to gain access to your other online accounts.
According to Hunt, these make up more than a third of the breached accounts.
Are you one of the 711m, and what should you do if so?
Chances are your email address, password and other online data have been involved in a breach before.
In order to check, visit HIBP and type in your email address. This latest breach is listed as “Onliner Spambot”.
If your email account does come back as compromised, whether as part of the latest attack or any others, the first thing to do is change your password. You should do this not only for your email account, but for all of your accounts that use the same email and password combination.
Likewise, you should avoid using the same password more than once.
Passwords should vary from account to account, using a combination of letters, numbers and symbols. This will make it more difficult for password crackers to figure out your details.
When possible, you shouldn’t rely solely on your password. Complex software is making it easier than ever for criminals to force entry to your online accounts.
Using two-factor authentication will stop unauthorised devices from accessing accounts, regardless of whether they have the correct login details.
With two-factor authentication enabled, a randomly generated code will be sent to your phone or accessed through an app. This code is needed to gain access to the account from unauthorised devices.