Source: Sophos Naked Security
It’s never good news to receive an alert from the Have I Been Pwned? (HIBP) project but it’s better to know than not.
Founded by Troy Hunt after the historically embarrassing Adobe breach of 2013, HIBP is a database of breached, scraped and otherwise stolen email accounts that lets anyone check whether theirs is known to be circulating among cybercriminals.
Vast numbers are, and to this total we can now add another 711m, recently discovered by a researcher called Benkow in an unsecured state inside text files on a Netherlands-based server that has been using them to fuel the “Onliner” spambot.
This, HIBP informs me, includes an email address registered to a domain I’ve used for years, the third time the site has spotted it inside a breach cache in four years.
Should I, or anyone else receiving the same email alert from HIBP about this spam list, be worried?
Hunt sums up the cache’s mountainous size:
“Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe.”
It’s true the 711m haul is the largest yet reported by the site, but some of these will have been mentioned in previous breaches, in my case Adobe (152m) and Dropbox in 2012 (68m). Aggregated from different sources, the numbers aren’t cumulative.
HIBP also describes my email address as having been “pwned” in the latest dump although, strictly speaking, it’s the sites that allowed a breach to happen that deserve to be chastised – my failing was to entrust the address to companies that failed to protect it.
Check your email address on the Have I Been Pwned website.