Over the years, Troy Hunt has uploaded a massive amount of data to his popular breach notification service Have I Been Pwned? He recently finished adding his single biggest update ever. In total, there were a mind-blowing 711 million records spread across numerous databases.
How did Hunt get his hands on all that data? Whoever configured the server where the files were stored didn't do a very thorough job of locking it down. Anyone who knew its IP address could pop on and browse through its contents -- and even download the entire stash with point-and-click ease.

The server, which is located in the Netherlands, was originally discovered by a Paris-based hacker who goes by the handle Benkow. It appears to be connected to a strain of malware called Ursnif, a Trojan that steals usernames and passwords as well as banking account and payment card details.

That explains why Hunt found more than just email addresses among the data. He also discovered thousands of email/password combinations, complete with SMTP server (used for outgoing email) settings.
As Benkow explains, "To send spam, the attacker needs a huge list of SMTP credentials. To do so, there are only two options: create it or buy it." Once that list has been assembled, it gets pumped into a spam bot, a computer program that automates the email distribution process. This particular spam bot is called Onliner, and it's been operating since at least 2016.

Where did these crooks amass such a large amount of data? A vast number of the emails in this new dump were exposed in previous leaks and hacking incidents. For example, Hunt found every address that was exposed when LinkedIn fell victim to hackers back in 2012. The LinkedIn data has been circulating for quite some time and popped up in a number of subsequent leaks.
Other emails came from much fresher sources. For example, Benkow discovered around 2 million Facebook addresses that were gathered by a phishing campaign.

If there's a silver lining to this, it's that law enforcement officials have been made aware of the leaky server. The good guys have managed to knock some pretty massive spam bot networks offline in the past, and hopefully they'll be successful in taking Onliner down, too.