Australian computer security expert Troy Hunt has revealed the leak of 711 million email addresses, which was caused by a misconfigured spambot.
Hunt runs HaveIBeenPwned.com, a site that allows you to see if your personal information has been compromised via a simple email search. Subscribers to the site can also be notified as soon as their information is discovered to have been compromised by such a data breach. Hunt has had many run-ins with spambots and their email datasets in the past.
In a post to Hunt’s blog, he explained:
Last week I was contacted by someone alerting me to the presence of a spam list. A big one. That’s a bit of a relative term though because whilst I’ve loaded “big” spam lists into Have I been pwned (HIBP) before, the largest to date has been a mere 393m records and belonged to River City Media. The one I’m writing about today is 711m records which makes it the largest single set of data I’ve ever loaded into HIBP. Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe.
Fortunately, the contents of this breach were exclusively email addresses, without any of the associated personal information. Furthermore, many of those addresses were merely attempts to guess at sensitive business emails. Others were “scraped” directly from the web, resulting in numerous defunct or invalid entries. Even so, the data exposed is almost twice the size of March’s similar River City Media breach.
Unfortunately, there is not very much that an individual can do to remedy the situation. According to Hunt:
Finding yourself in this data set unfortunately doesn’t give you much insight into where your email address was obtained from nor what you can actually do about it. I have no idea how this service got mine, but even for me with all the data I see doing what I do, there was still a moment where I went ‘ah, this helps explain all the spam I get.’
Follow Nate Church @Get2Church on Twitter for the latest news in gaming and technology, and snarky opinions on both.